[ic] ExtraSecure and special_pages/violation - PATCH

[Jon Jensen]

On Wed, 6 Nov 2013, Angus Rogerson wrote:

>> On Fri, 25 Oct 2013, Angus Rogerson wrote:
>>
>>> In an email exchange ending with 
>>> http://www.icdevgroup.org/pipermail/interchange-users/2009-December/051506.html, 
>>> Jon and Tom described a solution for better behaviour for the 
>>> ExtraSecure feature.
>>>
>>> In an email 
>>> http://www.icdevgroup.org/pipermail/interchange-users/2013-May/054042.html, 
>>> Paul hints at the need for similar functionality.
>>>
>>> The patch below implements this feature in 5.8.0. Sorry, I don't have 
>>> git.
>>>
>>> With this patch, the user gets a 301 redirect to the secure version of 
>>> the page instead of the violation page. The logGlobal uses some 
>>> non-standard CGI values which would need to be added to @Map in 
>>> Vend::Server.
>>
>> Thanks for sending that, Angus. You mention that you needed to change 
>> something in Vend::Server. Will you please send a patch for that too so 
>> we can consider the whole set of changes together?
>
> Sorry about the delay. Please find attached patch which adds script_uri 
> to list (@Map) of environment variables to copy to CGI. This is used to 
> log anytime the bounce happens so we can identify who is sending people 
> to the non-secure page.

Angus,

Thanks for sending that last little patch along. That's helpful for seeing 
what you're after.

I'm a little confused about exactly what is going on here. The SCRIPT_URI 
environment variable you're using only exists when Apache's mod_rewrite 
was in effect for the request, which is far from the only way requests 
pass through to Interchange.

That is explained here:

http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html

I could see the patch making sense if it can use one of the standard 
environment variables Interchange already has. Is there one that would 
work, or one of the catalog path configuration variables, or something?

Thanks,
Jon

-- 
Jon Jensen
End Point Corporation
http://www.endpoint.com/