Andreas Hartmann wrote: > Thorsten Scherler schrieb: >> On Tue, 2007-06-12 at 18:17 +0200, Andreas Hartmann wrote: >>> Hi Lenya devs, >>> >>> I'm a bit confused how the proxy configuration works >>> >>> ATM we have something like this: >>> >>> <proxies ssl="false" root="..."> >>> <proxy area="live" ssl="true" url="..."/> >>> <proxy area="live" ssl="false" url="..."/> >>> <proxy area="authoring" ssl="true" url="..."/> >>> <proxy area="authoring" ssl="false" url="..."/> >>> </proxies> >>>
This configuration description is really confusing! >>> Why does the <proxies> element with ssl=false have >>> children with ssl=true? >> http://marc.info/?l=lenya-dev&m=118036330826401&w=2 >> "Yes, all urls outside of areas are not ssl protected by default (at >> least that is my understanding). Actually one can even get rid of the >> @ssl. The ssl checkbox in the ac is the one that determines whether a >> url is ssl protected or not but you cannot have ac for the global stuff >> ATM and AFAIR." > > But IIUC this would lead to the infamous "This page contains insecure > components" messages, wouldn't it? If a page is served through SSL, > all images, CSS etc. it references also have to be served through > SSL. > > Maybe we have to look at some examples. > Maybe, but I think the description should be self-explanatory (as far as possible). >>> Wouldn't it make more sense to have two <proxies> blocks >>> which inherit the ssl setting to the <proxy> element? >>> And why does the <proxies> element use a "root" attribute >>> while the <proxy> elements use a "url" attribute? >> Because the "root" or "/" will be translated to the @url. >> >>> How about this: >>> >>> >>> <proxies ssl="false" url="http://...";> >>> <proxy area="live" url="http://..."/> >>> <proxy area="authoring" url="http://..."/> >>> </proxies> >>> >>> <proxies ssl="true" url="https://...";> >>> <proxy area="live" url="https://..."/> >>> <proxy area="authoring" url="https://..."/> >>> </proxies> >>> >>> +1 Jann --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
