Jump to:
| Project: | Secure Pages |
| Version: | 6.x-1.8 |
| Component: | Miscellaneous |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Issue Summary
First of all, let me start by saying thankyouthankyouthankyouthankyou. I so needed this module. I have some suggestions for the default path filters, though, because I see some potential problems. These are the defaults I have:
node/add*
I'd split this one so that it makes an exact match with the system paths. Not a big deal, but why not:
node/add
node/add/* (* matches page, forum, blog, etc.)
node/*/edit
No problem here.
user/*
This one's a BIG problem because the user login page is "user" (which doesn't match "user/*") so users can log in without SSL, which I believe is the whole point of this module. I split this one as well so that it exactly matches the system paths:
user
user/* (* matches uid, edit, etc.)
admin*
Like node/add* this should exactly match the system path, but in this case it's more important. This one would redirect to SSL on a url alias called, say, "administration_offices," which is pointless. So I split this one too:
admin
admin/* (* matches menu, aggregator, forum, etc.)
Just some suggestions to make sure SSL comes on at the right time, and not when there's no point.
Thanks again for the module!
Comments
#1
Thanks for that detailed explanation of problems with the default filter values. I got here, because I figured out a problem with the unsecure user login.
As the defautl values haven't changed until today, I update the version of this issue.
If I get it right, we have the following list now, covering all the problems you mentioned:
node/addnode/add/*
node/*/edit
user
user/*
admin
admin/*
#2
My suggestion for default filter values would be either ..
user
user/*
admin
admin/*
^^ public profile under SSL
or
admin
admin/*
user
user/
user/login
user/login/
user/register
user/register/
user/password
user/password/
user/*/edit
^^ public profile not under SSL