[ic] ExtraSecure and special_pages/violation - PATCH
Jon Jensen
jon at endpoint.com
Wed Nov 13 15:37:18 UTC 2013
On Wed, 6 Nov 2013, Angus Rogerson wrote:
>> On Fri, 25 Oct 2013, Angus Rogerson wrote:
>>
>>> In an email exchange ending with
>>> http://www.icdevgroup.org/pipermail/interchange-users/2009-December/051506.html,
>>> Jon and Tom described a solution for better behaviour for the
>>> ExtraSecure feature.
>>>
>>> In an email
>>> http://www.icdevgroup.org/pipermail/interchange-users/2013-May/054042.html,
>>> Paul hints at the need for similar functionality.
>>>
>>> The patch below implements this feature in 5.8.0. Sorry, I don't have
>>> git.
>>>
>>> With this patch, the user gets a 301 redirect to the secure version of
>>> the page instead of the violation page. The logGlobal uses some
>>> non-standard CGI values which would need to be added to @Map in
>>> Vend::Server.
>>
>> Thanks for sending that, Angus. You mention that you needed to change
>> something in Vend::Server. Will you please send a patch for that too so
>> we can consider the whole set of changes together?
>
> Sorry about the delay. Please find attached patch which adds script_uri
> to list (@Map) of environment variables to copy to CGI. This is used to
> log anytime the bounce happens so we can identify who is sending people
> to the non-secure page.
Angus,
Thanks for sending that last little patch along. That's helpful for seeing
what you're after.
I'm a little confused about exactly what is going on here. The SCRIPT_URI
environment variable you're using only exists when Apache's mod_rewrite
was in effect for the request, which is far from the only way requests
pass through to Interchange.
That is explained here:
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
I could see the patch making sense if it can use one of the standard
environment variables Interchange already has. Is there one that would
work, or one of the catalog path configuration variables, or something?
Thanks,
Jon
--
Jon Jensen
End Point Corporation
http://www.endpoint.com/
More information about the interchange-users
mailing list