Hi all,
We are thinking of doing the $subject since the publisher and store apps are
built on top of REST APIs and most of the data transfers happen from client
side JS. In each REST API call from the swagger-client, we send the access
token in the headers, which would not be good if we send them over HTTP.
So the idea is to redirect all HTTP requests to HTTPS automatically, so
that we make sure cookies are transferred in a secure manner.
1. Further, is it OK to close the HTTP port (9090) and only allow
HTTPS (9292) connections for the publisher and store apps?
2. Is there a way we can achieve this from UUF?
By going through the code [1], I was able to redirect the users to HTTPS in
the following way.

    if (!env.request.isSecure()) {
        var local_address = env.request.getLocalAddress();
        var uri = env.request.getUri();
        var secured_port = env.getSecuredPort(); // hypothetical
        var redirect_to = "https://" + local_address + ":" + secured_port + uri;
        sendRedirect(redirect_to);
    }

To share the code with other request handlers, we can put it into a module
and include it in all the relevant pages.
But if we have a way to achieve this [2], we can use the same method here to
redirect users to secure URLs.
Or should this be handled at the Carbon transport level?
[1]:
https://github.com/wso2/carbon-uuf/blob/master/components/uuf-core/src/main/java/org/wso2/carbon/uuf/spi/HttpRequest.java
[2]: [Dev] [UUF] Common "OnGet" method for all requests for a particular app
Thanks!
--
*Kasun Thennakoon*
Software Engineer
WSO2, Inc.
Mobile:+94 711661919
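
The redirect decision discussed above, as an added example that is not part of the original message and not UUF or Carbon code: it redirects page loads to the HTTPS port but refuses API calls that already carried a token over HTTP, since a redirect cannot undo that exposure. The function, the request shape and the host name are hypothetical; only the port 9292 comes from the message.

```javascript
// Added example in plain JavaScript; no UUF API is used. All names are hypothetical.
const CONFIG = {
  publicHost: "apps.example.com", // constructed value; fixed, never read from the request
  httpsPort: 9292,                // HTTPS port named in the message
  hstsMaxAge: 31536000,           // one year, in seconds
};

// req: { secure: boolean, method: string, uri: string, headers: {lower-case keys} }
function decideTransport(req, config) {
  if (req.secure) {
    // Browsers honour HSTS only on HTTPS responses; it keeps later requests off HTTP.
    return {
      action: "continue",
      headers: { "Strict-Transport-Security": "max-age=" + config.hstsMaxAge },
    };
  }
  // A token that arrived over HTTP has already crossed the network in clear text.
  // A redirect would hide that, so refuse and flag the token for revocation.
  if (req.headers["authorization"] !== undefined) {
    return { action: "reject", status: 403, tokenExposed: true };
  }
  // Only safe, body-less methods are redirected; anything else is refused.
  if (req.method !== "GET" && req.method !== "HEAD") {
    return { action: "reject", status: 403, tokenExposed: false };
  }
  // The URI must start with "/" so it cannot alter the authority part of the
  // target (for example "@other-host"), and must not contain CR or LF.
  const uri = /^\/[^\r\n]*$/.test(req.uri) ? req.uri : "/";
  const port = config.httpsPort === 443 ? "" : ":" + config.httpsPort;
  return {
    action: "redirect",
    status: 301,
    location: "https://" + config.publicHost + port + uri,
  };
}
```

Cookies set by the apps still need the Secure attribute, otherwise a browser will attach them to a plain HTTP request before any redirect happens.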