On 12/15/06, Foster, Stephen (ASPIRE) <steve.foster@xxxxxxxxxxxxxx> wrote:
hi joshua, sorry i should have been more specific. Its not actually our app but an authentication plug-in and backend that changes the URI and then passes back to the browser. There may be a bug in it that its capturing the incoming URL and not able to re-write it to https before passing back. This is being investigated by the provider but in the meantime i would like to re-write the URI to the proper secure method. does that make sense?
Sort of. But it is hard to tell where your authentication plug-in is acting here. What I would do is simply tack a ? on the end of the URL when redirecting from HTTP to HTTPS. This will eliminate the query string and hopefully force your plug-in to recreate it. And it also has the benefit of making sure your don't accidentally have people submit sensitive information in the query string to the non-secure server. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|