Support SSL for some, all, or no pages
Support SSL URLs either for all pages; no pages; or for sensitive pages accepting passwords, like login, registration, API, and others.
This commit is contained in:
parent
47b89aa2c3
commit
e149f3d64b
10
README
10
README
@ -925,6 +925,16 @@ dupelimit: Time in which it's not OK for the same person to post the
|
|||||||
same notice; default = 60 seconds.
|
same notice; default = 60 seconds.
|
||||||
logo: URL of an image file to use as the logo for the site. Overrides
|
logo: URL of an image file to use as the logo for the site. Overrides
|
||||||
the logo in the theme, if any.
|
the logo in the theme, if any.
|
||||||
|
ssl: Whether to use SSL and https:// URLs for some or all pages.
|
||||||
|
Possible values are 'always' (use it for all pages), 'never'
|
||||||
|
(don't use it for any pages), or 'sometimes' (use it for
|
||||||
|
sensitive pages that include passwords like login and registration,
|
||||||
|
but not for regular pages). Default to 'never'.
|
||||||
|
sslserver: use an alternate server name for SSL URLs, like
|
||||||
|
'secure.example.org'. You should be careful to set cookie
|
||||||
|
parameters correctly so that both the SSL server and the
|
||||||
|
"normal" server can access the session cookie and
|
||||||
|
preferably other cookies as well.
|
||||||
|
|
||||||
db
|
db
|
||||||
--
|
--
|
||||||
|
@ -174,3 +174,13 @@ $config['sphinx']['port'] = 3312;
|
|||||||
#http://taguri.org/ Examples:
|
#http://taguri.org/ Examples:
|
||||||
#$config['integration']['taguri'] = 'example.net,2008';
|
#$config['integration']['taguri'] = 'example.net,2008';
|
||||||
#$config['integration']['taguri'] = 'admin@example.net,2009-03-09'
|
#$config['integration']['taguri'] = 'admin@example.net,2009-03-09'
|
||||||
|
|
||||||
|
#Don't use SSL
|
||||||
|
#$config['site']['ssl'] = 'never';
|
||||||
|
#Use SSL only for sensitive pages (like login, password change)
|
||||||
|
#$config['site']['ssl'] = 'sometimes';
|
||||||
|
#Use SSL for all pages
|
||||||
|
#$config['site']['ssl'] = 'always';
|
||||||
|
|
||||||
|
#Use a different hostname for SSL-encrypted pages
|
||||||
|
#$config['site']['sslserver'] = 'secure.example.org';
|
||||||
|
@ -87,6 +87,8 @@ $config =
|
|||||||
'closed' => false,
|
'closed' => false,
|
||||||
'inviteonly' => false,
|
'inviteonly' => false,
|
||||||
'private' => false,
|
'private' => false,
|
||||||
|
'ssl' => 'never',
|
||||||
|
'sslserver' => null,
|
||||||
'dupelimit' => 60), # default for same person saying the same thing
|
'dupelimit' => 60), # default for same person saying the same thing
|
||||||
'syslog' =>
|
'syslog' =>
|
||||||
array('appname' => 'laconica', # for syslog
|
array('appname' => 'laconica', # for syslog
|
||||||
|
31
lib/util.php
31
lib/util.php
@ -721,25 +721,46 @@ function common_relative_profile($sender, $nickname, $dt=null)
|
|||||||
|
|
||||||
function common_local_url($action, $args=null, $params=null, $fragment=null)
|
function common_local_url($action, $args=null, $params=null, $fragment=null)
|
||||||
{
|
{
|
||||||
|
static $sensitive = array('login', 'register', 'passwordsettings',
|
||||||
|
'twittersettings', 'finishopenidlogin',
|
||||||
|
'api');
|
||||||
|
|
||||||
$r = Router::get();
|
$r = Router::get();
|
||||||
$path = $r->build($action, $args, $params, $fragment);
|
$path = $r->build($action, $args, $params, $fragment);
|
||||||
|
|
||||||
|
$ssl = in_array($action, $sensitive);
|
||||||
|
|
||||||
if (common_config('site','fancy')) {
|
if (common_config('site','fancy')) {
|
||||||
$url = common_path(mb_substr($path, 1));
|
$url = common_path(mb_substr($path, 1), $ssl);
|
||||||
} else {
|
} else {
|
||||||
if (mb_strpos($path, '/index.php') === 0) {
|
if (mb_strpos($path, '/index.php') === 0) {
|
||||||
$url = common_path(mb_substr($path, 1));
|
$url = common_path(mb_substr($path, 1), $ssl);
|
||||||
} else {
|
} else {
|
||||||
$url = common_path('index.php'.$path);
|
$url = common_path('index.php'.$path, $ssl);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return $url;
|
return $url;
|
||||||
}
|
}
|
||||||
|
|
||||||
function common_path($relative)
|
function common_path($relative, $ssl=false)
|
||||||
{
|
{
|
||||||
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
|
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
|
||||||
return "http://".common_config('site', 'server').'/'.$pathpart.$relative;
|
|
||||||
|
if (($ssl && (common_config('site', 'ssl') === 'sometimes'))
|
||||||
|
|| common_config('site', 'ssl') === 'always') {
|
||||||
|
$proto = 'https';
|
||||||
|
if (is_string(common_config('site', 'sslserver')) &&
|
||||||
|
mb_strlen(common_config('site', 'sslserver')) > 0) {
|
||||||
|
$serverpart = common_config('site', 'sslserver');
|
||||||
|
} else {
|
||||||
|
$serverpart = common_config('site', 'server');
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$proto = 'http';
|
||||||
|
$serverpart = common_config('site', 'server');
|
||||||
|
}
|
||||||
|
|
||||||
|
return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
|
||||||
}
|
}
|
||||||
|
|
||||||
function common_date_string($dt)
|
function common_date_string($dt)
|
||||||
|
Loading…
Reference in New Issue
Block a user