Thorsten Scherler schrieb: > On Tue, 2007-06-12 at 18:17 +0200, Andreas Hartmann wrote: >> Hi Lenya devs, >> >> I'm a bit confused how the proxy configuration works >> >> ATM we have something like this: >> >> <proxies ssl="false" root="..."> >> <proxy area="live" ssl="true" url="..."/> >> <proxy area="live" ssl="false" url="..."/> >> <proxy area="authoring" ssl="true" url="..."/> >> <proxy area="authoring" ssl="false" url="..."/> >> </proxies> >> >> Why does the <proxies> element with ssl=false have >> children with ssl=true? > > http://marc.info/?l=lenya-dev&m=118036330826401&w=2 > "Yes, all urls outside of areas are not ssl protected by default (at > least that is my understanding). Actually one can even get rid of the > @ssl. The ssl checkbox in the ac is the one that determines whether a > url is ssl protected or not but you cannot have ac for the global stuff > ATM and AFAIR."
But IIUC this would lead to the infamous "This page contains insecure components" messages, wouldn't it? If a page is served through SSL, all images, CSS etc. it references also have to be served through SSL. Maybe we have to look at some examples. -- Andreas >> Wouldn't it make more sense to have two <proxies> blocks >> which inherit the ssl setting to the <proxy> element? >> And why does the <proxies> element use a "root" attribute >> while the <proxy> elements use a "url" attribute? > > Because the "root" or "/" will be translated to the @url. > >> How about this: >> >> >> <proxies ssl="false" url="http://...";> >> <proxy area="live" url="http://..."/> >> <proxy area="authoring" url="http://..."/> >> </proxies> >> >> <proxies ssl="true" url="https://...";> >> <proxy area="live" url="https://..."/> >> <proxy area="authoring" url="https://..."/> >> </proxies> >> >> >> WDYT? > > Not sure since AFAIR "you cannot have ac for the global stuff". > > salu2 -- Andreas Hartmann, CTO BeCompany GmbH http://www.becompany.ch --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
