[ic] ExtraSecure and special_pages/violation
Jon Jensen
jon at endpoint.com
Fri Dec 18 22:08:08 UTC 2009
On Thu, 17 Dec 2009, Thomas J.M. Burton wrote:
> Upon further evaluation, it seems that the most appropriate solution to
> this would be to revise lib/Vend/Page.pm and change the way that
> AlwaysSecure pages are handled when ExtraSecure is enabled.
> Specifically, that would be lines 105-109:
>
> if($Vend::Cfg->{ExtraSecure} and
> $Vend::Cfg->{AlwaysSecure}->{$name}
> and !$CGI::secure) {
> $name = find_special_page('violation');
> }
>
> Rather than sending users to the violation page in that situation,
> shouldn't it be redirecting the requested URL via https? Unless there's
> a reason for sending those requests to the violation page, that would
> seem like the most efficient solution. Otherwise, the checks performed
> in Page.pm would need to be repeated in the violation page, which seems
> redundant and inefficient.
>
> If changing Page.pm would be the appropriate solution, I'm not sure of
> the most efficient way to do so.
Good points.
See the code for BounceReferrals in Vend::Dispatch for an example of how
to redirect.
Let me know if you get stuck on the coding.
Thanks!
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
More information about the interchange-users
mailing list