Opened 19 years ago
Closed 17 years ago
#1774 closed enhancement (wontfix)
Optionally force https:// protocol when logged in
| Reported by: | Owned by: | Jonas Borgström | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | general | Version: | 0.8.4 |
| Severity: | normal | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
I like to protect my login credentials with encrypted links, but also like to keep trac accessible to casual visitors ("self-signed certificates are scary"). To achieve this I set up both http and https access to trac; the http://(.*)/login link redirects to https://$1/login (which does the usual Apache auth) and the https://(.*)/logout link goes back to http://$1/logout. This works fine up to the moment an http:// link is encountered leading back to the unencrypted urls (or the url has been altered manually). I solved this by adding a conditional rewrite rule that redirects to the https version if a trac_auth cookie is encountered (see also #1773).
I'd like trac to take care of this instead if so configured. The login and logout links then link to the https:// and http:// links respectively. All other links must use the https:// protocol when logged in; trac should use the old behavior (using the supplied request information for the protocol) when not logged in.
Attachments (0)
Change History (4)
comment:1 by , 18 years ago
comment:3 by , 18 years ago
In that case, this does not seem like a general enough problem that it will be a part of Trac core. Propose closing as wontfix and point to the plugin if the functionality is desired.
This appears to be an Apache problem rather than a Trac problem.