Uploaded image for project: 'OFBiz'
  1. OFBiz
  2. OFBIZ-11717

Clean how HTTP vs HTTPS is handled

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: In Progress
    • Minor
    • Resolution: Unresolved
    • Trunk, Upcoming Branch
    • None
    • ALL COMPONENTS
    • None

    Description

      To sum up, for a start:
      We now use HSTS and we have the http.request-map.list for the request which should be send not secured.

      So the https attribute of the request-map->security elements, which is false by default no longer makes any sense.

      My intention is to remove it, but it hides a number of other things. So we need to be careful. For instance, OFBIZ-11643 was a 1st aborted attempt. And anyway there is not security related so this is not an OFBIZ-1525 subtask

      Attachments

        Issue Links

          is related to

          Sub-task - The sub-task of the issue OFBIZ-1959 Remaining XSRF issues

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          Sub-task - The sub-task of the issue OFBIZ-6849 Use only HTTPS in OFBiz

          • Major - Major loss of function.
          • Closed

          Activity

            People

              jleroux Jacques Le Roux
              jleroux Jacques Le Roux
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated: