[Trac-tickets] [The Trac Project] #1774: Optionally force https://
protocol when logged in
The Trac Project
noreply at edgewall.com
Sun Jul 10 06:33:10 CDT 2005
#1774: Optionally force https:// protocol when logged in
-------------------------+--------------------------------------------------
Id: 1774 | Status: new
Component: general | Modified: Sun Jul 10 06:33:10 2005
Severity: enhancement | Milestone:
Priority: normal | Version: 0.8.4
Owner: jonas | Reporter: Martijn Pieters <mj at zopatista.com>
-------------------------+--------------------------------------------------
I like to protect my login credentials with encrypted links, but also like
to keep trac accessible to casual visitors ("self-signed certificates are
scary"). To achieve this I set up both http and https access to trac; the
!http://(.*)/login link redirects to !https://$1/login (which does the
usual Apache auth) and the !https://(.*)/logout link goes back to
!http://$1/logout. This works fine up to the moment an !http:// link is
encountered leading back to the unencrypted urls (or the url has been
altered manually). I solved this by adding a conditional rewrite rule that
redirects to the https version if a trac_auth cookie is encountered (see
also #1773).
I'd like trac to take care of this instead if so configured. The login and
logout links then link to the https:// and http:// links respectively. All
other links must use the https:// protocol when logged in; trac should use
the old behavior (using the supplied request information for the protocol)
when not logged in.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/1774>
The Trac Project <>
More information about the Trac-Tickets
mailing list