Lukas Kahwe Smith wrote:
> Lukas Kahwe Smith wrote:
>> Hi,
>>
>> I have some questions regarding sfSslRequirement [1]:
>> - Is there a reason why it was not implemented to not redirect to https
>> in development mode?
>>
>> - Is there a reason why the redirection is not only done on isFirstCall()?
>>
>> - Why is the code structured to not just have a $filterChain->execute();
>> call at the end, since the redirect should stop execution anyways?
>>
>> The above issues do not seem to be the case with the following solution:
>> http://blog.phpdeveloper.co.nz/2006/10/25/ssl-redirect-filter-for-symfony/
>>
>> However it's not as cleanly implemented in other areas and it seems like
>> Fabien had his fingers on sfSslRequirement, so I am just wondering if
>> these were oversights or if I am missing something.
>>
>> regards,
>> Lukas
>>
>> [1] http://www.symfony-project.com/trac/wiki/sfSslRequirementPlugin
>
> So Fabien told me to just commit to the plugin. But I would prefer to
> hear from existing users before I go ahead with changes.
>
> One thing before I show the code:
> "If an action is not secured and allow_ssl is false, then all HTTPS
> request will be redirected to HTTP."
>
> I think there is a typo there and "not secured" should read "secured"
makes more sense indeed
> However I think the following steps would be better:
> I) only execute once per request and when not in dev environment
I don't understand why you want to deny a particular environment as
people could either use different environments or need to test some
function online. So I would prefer to either not rely on an environment
or to make it configurable.
> A) if not posting
so that form data don't get lost!? - ok.
> 1) if secured
> a) then check if it's allowed else redirect from https to http
> b) else if secured required redirect from http to https
fine :-)
Regards,
Matthias
> Anyways here is a quick implementation that should be more efficient,
> that I have not yet tested.
>
> public function execute ($filterChain)
> {
>   // execute only once and only if we are not in the development environment
>   if ($this->isFirstCall() && SF_ENVIRONMENT != 'dev')
>   {
>     // get the cool stuff
>     $context = $this->getContext();
>     $request = $context->getRequest();
>
>     // only redirect if not posting
>     if ($request->getMethod() != sfRequest::POST)
>     {
>       $controller = $context->getController();
>
>       // get the current action instance
>       $actionEntry = $controller->getActionStack()->getLastEntry();
>       $actionInstance = $actionEntry->getActionInstance();
>
>       // request is SSL secured
>       if ($request->isSecure())
>       {
>         // but SSL is not allowed
>         if (!$actionInstance->sslAllowed())
>         {
>           // rewrite only the leading scheme, not every "https" in the URI
>           $controller->redirect(preg_replace('#^https:#i', 'http:', $request->getUri()));
>         }
>       }
>       // request is not SSL secured, but SSL is required
>       else if ($actionInstance->sslRequired())
>       {
>         // rewrite only the leading scheme, not every "http" in the URI
>         $controller->redirect(preg_replace('#^http:#i', 'https:', $request->getUri()));
>       }
>     }
>   }
>   $filterChain->execute();
> }
>
> regards,
> Lukas
>
>
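The decision steps discussed in this thread, written as a standalone function with the exempt environments passed in as configuration (an added example, not part of the original messages or the plugin's code). The function names, the array-shaped request and action, and the example.test URLs are assumptions made for illustration; the redirect target is built by rewriting only the URL scheme.

```php
<?php
// Added example, not plugin code. All function names and array keys are hypothetical.

/** Swap only the URL scheme; host, path and query string are left untouched. */
function withScheme(string $uri, string $scheme): string
{
    return preg_replace('#^https?(?=://)#i', $scheme, $uri, 1);
}

/**
 * Return the URL to redirect to, or null when the request should pass through.
 * $skipEnvs makes the environment exemption configurable instead of hard-coding 'dev'.
 */
function sslRedirectTarget(array $req, array $action, string $env, array $skipEnvs): ?string
{
    if (!$req['firstCall'] || in_array($env, $skipEnvs, true)) {
        return null;                       // I) once per request, exempt environments
    }
    if ($req['method'] === 'POST') {
        return null;                       // A) a redirect would drop the posted form data
    }
    if ($req['secure']) {
        // 1a) HTTPS request, but the action does not allow SSL
        return $action['sslAllowed'] ? null : withScheme($req['uri'], 'http');
    }
    // 1b) plain HTTP request, but the action requires SSL
    return $action['sslRequired'] ? withScheme($req['uri'], 'https') : null;
}

// Constructed sample requests (example.test is a placeholder host).
$login = ['sslAllowed' => true,  'sslRequired' => true];
$home  = ['sslAllowed' => false, 'sslRequired' => false];
$cases = [
    ['GET',  false, 'http://example.test/login?next=http://example.test/', $login, 'prod'],
    ['POST', false, 'http://example.test/login', $login, 'prod'],
    ['GET',  true,  'https://example.test/', $home, 'prod'],
    ['GET',  false, 'http://example.test/login', $login, 'dev'],
];
foreach ($cases as [$method, $secure, $uri, $action, $env]) {
    $req = ['firstCall' => true, 'method' => $method, 'secure' => $secure, 'uri' => $uri];
    $target = sslRedirectTarget($req, $action, $env, ['dev']);
    printf("%-4s %-52s %-4s -> %s\n", $method, $uri, $env, $target ?? '(no redirect)');
}
```

The second case shows the consequence of step A: a plain-HTTP POST to an action that requires SSL is processed without a redirect, so the form that posts to it has to be served and submitted over HTTPS in the first place.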