This is a snapshot of Indico's old Trac site. Any information contained herein is most probably outdated. Access our new GitHub site here.

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#891 closed defect (fixed)

If modification/access key is being used, force HTTPS

Reported by: pferreir Owned by: mpugh
Priority: high Milestone: v0.98.1
Component: General Version: 0.98-dev
Keywords: Cc:

Description

(Of course, only if AuthenticatedEnforceSecure? is set to True)

Change History (6)

comment:1 Changed 4 years ago by jbenito

  • Owner set to jmonnich
  • Status changed from new to assigned

comment:2 Changed 4 years ago by jbenito

  • Owner changed from jmonnich to mpugh

comment:3 Changed 4 years ago by mpugh

  • Status changed from assigned to awaiting_merge

comment:4 Changed 4 years ago by jbenito

  • Status changed from awaiting_merge to assigned

Force https after access/modif key as well

comment:5 Changed 4 years ago by Matthew Pugh <matthew.alexander.pugh@…>

  • Resolution set to fixed
  • Status changed from assigned to closed

In [a60de131f2edaee0ddbaf80e4561d9ce00b947a6/indico]:

[IMP] Force HTTPS with Access & Modif Keys

  • Implemented _getAuth in base to check if user is authenticated or if they have a modification or access key in the session.
  • Changed https enforcement check to _getAuth to force HTTPS
  • Removed _toHttps redirect attribute in conferenceModif and conferenceDisplay as not needed
  • Closes #891

comment:6 Changed 4 years ago by Matthew Pugh <matthew.alexander.pugh@…>

In [4506a8ed07f32d82381bd0826918b2f3da6b2f4c/indico]:

[IMP] Force HTTPS with Access & Modif Keys

  • Implemented _getAuth in base to check if user is authenticated or if they have a modification or access key in the session.
  • Changed https enforcement check to _getAuth to force HTTPS
  • Removed _toHttps redirect attribute in conferenceModif and conferenceDisplay as not needed
  • Closes #891
Note: See TracTickets for help on using tickets.