SSL and NON SSL Pages
Permalink 1 user found helpful
Could anyone explain in-depth on how hard it would be to get this to work. We have a client that wants a c5 site and I need to figure out how the SSL and NON-SSL pages will work together. If anyone has any inside on how this works please let me know.
Is it the hour of the morning, or did you mean https:// in some of those?
are we sure all the corners work? flash uploader.. etc? it's been a few versions since we had to do this ourselves.
are we sure all the corners work? flash uploader.. etc? it's been a few versions since we had to do this ourselves.
here's my thoughts on this...similar to Ryan's (make sure redirect to base url=false), but if you wanted to require SSL on certain pages, you could create a page type with the following code at the top:
I'm not 100% sure that this would work, as php headers might have already been sent by the type this code executes. In that case, a controller would need to be created for the page type with this same code in it.
I know there's a million other "important" feature requests, but it might be useful to have a page attribute in the core called "Require SSL" and let the core handle redirecting to SSL. Just a thought...probably not too high of priority.
<?php if ($_SERVER['HTTPS'] != 'on') { header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']); } ?>
I'm not 100% sure that this would work, as php headers might have already been sent by the type this code executes. In that case, a controller would need to be created for the page type with this same code in it.
I know there's a million other "important" feature requests, but it might be useful to have a page attribute in the core called "Require SSL" and let the core handle redirecting to SSL. Just a thought...probably not too high of priority.
looks like the code in my previous post is getting kinda messed up when it is being rendered. here's a non-coded version that will hopefully show up okay...
<?php
if ($_SERVER['HTTPS'] != 'on') {
header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
?>
<?php
if ($_SERVER['HTTPS'] != 'on') {
header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
?>
btw...any thoughts from the core team on this? i wouldn't want to overstep or re-create anything that might already exist or be in the works for this (esp. with the e-commerce package i know you guys are working on).
Ryan's a proud member of the core team.. I actually just asked him how long this would take for a hosting client. We agreed to budget 3 hours for debugging corners (will those flash uploaders work?) but we don't see a major hurdle here...
again its been a few versions since we've done this... i imagine picnik will die.. etc.
again its been a few versions since we've done this... i imagine picnik will die.. etc.
yo ryan - hope i didn't seem to ignore the fact that you were on the core team and had already commented...i just wanted to make sure that there wasn't something else out there that already existed beyond what was already discussed related to redirecting only certain pages to SSL...
Has this ever been resolved? Does anyone know how to make pretty urls function with ssl? If I can access a page thru either http or https then how do you get index.php to work within the https url ?
this is over a year old, take a look at the free ssl addon in the Marketplace
I have, and it doesn't seem to do anything worthwhile - I have to manually decide which pages should be ssl, then I still need to hack the menus - and it doesn't resolve the problem with existing links on a page as they all revert to https as well.
Am I missing something?
Am I missing something?
so,http://yoursite.com would work the same as:
http://yoursite.com
If you wanted to require your site to be on ssl, you could not set the redirect to base url config and just set your base url to:
http://yoursite.com