[Seaside] RE: Login form via ssl (https)
Paul DeBruicker
pdebruic at gmail.com
Sun Sep 23 16:40:12 UTC 2012
I think you can change it with two server definitions in nginx and never
mess with Seaside's https/http functionality at all, ever.

E.g., if the link is to http://example.com/signin,
http://example.com/signup or http://example.com/backend and the client
attempts to connect via http, I rewrite & redirect to https with nginx
and pass the request to Seaside. The SSL connections are terminated at
Nginx. All my links in my Seaside app are just regular anchors/buttons
with plain callbacks. The public site can be accessed via http or
https. The sign-in, sign-up and backend portions are always SSL.

The signin form link becomes

    html anchor
        useBaseUrl;
        extraPath: 'signin';
        callback: [self showSignin];
        with: 'Sign In'.

Once the user authenticates it would seem to make sense to serve them
only via SSL for the duration of their session to increase the
probability that none of their info leaks. Plus the cost in engineering
time to forever maintain a mental model of which links should be secure
or not seems high relative to the cost of just the cpu time to just make
everything SSL.

The Nginx server directives I use are:

    # Plain-HTTP server: the public site is served as-is, but the
    # sign-in, sign-up and backend paths are redirected to HTTPS.
    server {
        listen 80;
        include sites-available/mySiteDetails.conf;

        location ^~ /backend {
            rewrite ^/(.*)$ https://www.example.com/$1 redirect;
        }
        location ^~ /signin {
            rewrite ^/(.*)$ https://www.example.com/$1 redirect;
        }
        location ^~ /signup {
            rewrite ^/(.*)$ https://www.example.com/$1 redirect;
        }
    }

    # HTTPS server: SSL is terminated here and the request is handed
    # to the @mySeasideApp named location.
    server {
        listen 443 ssl;
        ssl_certificate /usr/local/nginx/conf/myApp.cert;
        ssl_certificate_key /usr/local/nginx/conf/myApp.key;
        include sites-available/mySiteDetails.conf;

        location ^~ /backend {
            try_files $uri @mySeasideApp;
        }
        location ^~ /signin {
            try_files $uri @mySeasideApp;
        }
        location ^~ /signup {
            try_files $uri @mySeasideApp;
        }
    }

Hope this helps

Paul

On 09/23/2012 09:11 AM, Dav wrote:
> Hi Boris,
> Actually I have secured and not secured links, and it's a lot of work
> to change it, so I prefer only to secure login. Is it really so difficult in
> Seaside?
> Cheers
> Dave
>
>
> Boris Popov, DeepCove Labs (SNN) wrote
>> Any specific reason you don't just want your whole application to be
>> SSL-secured?
>>
>> -Boris
> --
> View this message in context: http://forum.world.st/Login-form-via-ssl-https-tp4648556p4648566.html
> Sent from the Seaside General mailing list archive at Nabble.com.
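
An all-HTTPS variant of the configuration in the message above, following its remark that serving everything over SSL is simpler than tracking which links must be secure. This is an added example, not part of the original post: it reuses the post's file paths, host name and @mySeasideApp location, and it assumes mySiteDetails.conf defines @mySeasideApp and does not already define "location /".

```nginx
# Added example (not from the original post): redirect every plain-HTTP
# request to HTTPS instead of only /signin, /signup and /backend, so that
# an authenticated session never travels over http.
server {
    listen 80;
    include sites-available/mySiteDetails.conf;

    # Server-level return runs before any location from the include,
    # so no path is served over plain HTTP.
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl;
    ssl_certificate     /usr/local/nginx/conf/myApp.cert;
    ssl_certificate_key /usr/local/nginx/conf/myApp.key;
    include sites-available/mySiteDetails.conf;

    # HSTS: browsers that have seen this header go straight to HTTPS on
    # later visits. Enable it only once the whole host works over HTTPS,
    # because browsers cache the policy for max-age seconds (one year here).
    # The "always" parameter (nginx 1.7.5+) also covers error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Assumption: the included file has no "location /" of its own.
    # Serve a static file if one matches, otherwise hand off to Seaside.
    location / {
        try_files $uri @mySeasideApp;
    }
}
```

Check the result with "nginx -t" before reloading; a duplicate "location /" from the included file shows up there as a configuration error.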