[TYPO3-core] RFC #15621: Feature: TYPO3 misses page-option to force SSL oder Non-SSL to page

Marcus Krause marcus#exp2010 at t3sec.info
Fri Sep 3 23:44:47 CEST 2010


Dmitry Dulepov schrieb am 09/02/2010 05:05 PM Uhr:
> Hi!
> 
> Ernesto Baschny [cron IT] wrote:
>> Or maybe:
>>
>> if ($_SERVER['REQUEST_METHOD'] === 'POST') {
>> 	$headerCode = t3lib_utility_Http::HTTP_STATUS_303;
>> } else {
>> 	$headerCode = t3lib_utility_Http::HTTP_STATUS_301;
>> }
> 
> This is better because the form can have a single button without "name"
> attribute and use URL parameters with POST request. Thus $_POST will be
> empty but the request is still POST. Same for AJAX request: request
> /index.php?id=1&x=y and force POST using XHTTPRequest object parameters.

Has anybody tested this feature with configured
[SYS][reverseProxySSL]?
"'*' or list of IP addresses of proxies that use SSL (https) for the
connection to the client, but an unencrypted connection (http) to the
server."

I assume we will end up in a timeout (1. reverse proxy requests via
http, 2. TYPO3 server redirects to https 3. goto 1).

Still, it's more or less useless to force SSL in page option when your
system delivers pages via SSL/TLS anyway. But you never know what
editors are going to do.


+1 to the feature in general

Marcus.


More information about the TYPO3-team-core mailing list