We are no longer offering accounts on this server. Consider https://gitlab.freedesktop.org/ as a place to host projects.

Commit e149f3d6 authored by Evan Prodromou's avatar Evan Prodromou

Support SSL for some, all, or no pages

Support SSL URLs either for all pages; no pages; or for sensitive
pages accepting passwords, like login, registration, API, and others.
parent 47b89aa2
......@@ -925,6 +925,16 @@ dupelimit: Time in which it's not OK for the same person to post the
same notice; default = 60 seconds.
logo: URL of an image file to use as the logo for the site. Overrides
the logo in the theme, if any.
ssl: Whether to use SSL and https:// URLs for some or all pages.
Possible values are 'always' (use it for all pages), 'never'
(don't use it for any pages), or 'sometimes' (use it for
sensitive pages that include passwords like login and registration,
but not for regular pages). Default to 'never'.
sslserver: use an alternate server name for SSL URLs, like
'secure.example.org'. You should be careful to set cookie
parameters correctly so that both the SSL server and the
"normal" server can access the session cookie and
preferably other cookies as well.
db
--
......
......@@ -174,3 +174,13 @@ $config['sphinx']['port'] = 3312;
#http://taguri.org/ Examples:
#$config['integration']['taguri'] = 'example.net,2008';
#$config['integration']['taguri'] = 'admin@example.net,2009-03-09'
#Don't use SSL
#$config['site']['ssl'] = 'never';
#Use SSL only for sensitive pages (like login, password change)
#$config['site']['ssl'] = 'sometimes';
#Use SSL for all pages
#$config['site']['ssl'] = 'always';
#Use a different hostname for SSL-encrypted pages
#$config['site']['sslserver'] = 'secure.example.org';
......@@ -87,6 +87,8 @@ $config =
'closed' => false,
'inviteonly' => false,
'private' => false,
'ssl' => 'never',
'sslserver' => null,
'dupelimit' => 60), # default for same person saying the same thing
'syslog' =>
array('appname' => 'laconica', # for syslog
......
......@@ -721,25 +721,46 @@ function common_relative_profile($sender, $nickname, $dt=null)
function common_local_url($action, $args=null, $params=null, $fragment=null)
{
static $sensitive = array('login', 'register', 'passwordsettings',
'twittersettings', 'finishopenidlogin',
'api');
$r = Router::get();
$path = $r->build($action, $args, $params, $fragment);
$ssl = in_array($action, $sensitive);
if (common_config('site','fancy')) {
$url = common_path(mb_substr($path, 1));
$url = common_path(mb_substr($path, 1), $ssl);
} else {
if (mb_strpos($path, '/index.php') === 0) {
$url = common_path(mb_substr($path, 1));
$url = common_path(mb_substr($path, 1), $ssl);
} else {
$url = common_path('index.php'.$path);
$url = common_path('index.php'.$path, $ssl);
}
}
return $url;
}
function common_path($relative)
function common_path($relative, $ssl=false)
{
$pathpart = (common_config('site', 'path')) ? common_config('site', 'path')."/" : '';
return "http://".common_config('site', 'server').'/'.$pathpart.$relative;
if (($ssl && (common_config('site', 'ssl') === 'sometimes'))
|| common_config('site', 'ssl') === 'always') {
$proto = 'https';
if (is_string(common_config('site', 'sslserver')) &&
mb_strlen(common_config('site', 'sslserver')) > 0) {
$serverpart = common_config('site', 'sslserver');
} else {
$serverpart = common_config('site', 'server');
}
} else {
$proto = 'http';
$serverpart = common_config('site', 'server');
}
return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
}
function common_date_string($dt)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment