Hi,
First let me say that I'm thoroughly impressed with the work
you guys have done in designing and coding the Acegi Security Framework.
Thank you (from all of us) for all that hard work. I've implemented a
web app using it but have a question regarding the ChannelProcessingFilter and
how it redirects back to HTTP.
As I'm sure you're already aware, if IE is already in a HTTPS
page, when it receives a response.sendRedirect() to a non-secure resource, by
default it gives that dialog box "You are about to be redirected to a non-secure
page". Of course this can be turned off via a setting in the user's
browser, but we're not going to go and ask thousands of users using IE to change
this setting. Most of them can't anyways due to IT control.
I've seen workarounds to this where instead of a
sendRedirect(http://abc.com/non-secureURL), the
server sends back a https redirect and in that page there's a small piece of
_javascript_ that does a refresh of the browser to the non-secure
URL.
As it is right now your ChannelProcessingFilter is just doing
a simple sendRedirect(). Have you guys ran across this issue?
or should I implement my own filter which extends yours and just changes this
behavior to write a tiny little page with the _javascript_ I mentioned to do the
redirecting?
Much appreciated.
Joseph
|
- Re: [Acegisecurity-developer] How do I avoid the IE redire... Joseph Schmoley
- Re: [Acegisecurity-developer] How do I avoid the IE r... Ben Alex
- Re: [Acegisecurity-developer] How do I avoid the ... Joseph Schmoley
- Re: [Acegisecurity-developer] How do I avoid ... Ben Alex
- Re: [Acegisecurity-developer] How do I av... Joseph Schmoley
- Re: [Acegisecurity-developer] How do... Ben Alex
- [Acegisecurity-developer] Authen... Joseph Schmoley
- Re: [Acegisecurity-developer... Ben Alex