Message484

Author jedoig
Recipients jedoig, nyergler
Date 2009-03-12.21:23:49
Content
I added a middleware class called SSLMiddleWare that enables the redirects to
https.  Any request to http is handled by this class and the appropriate course
of action is taken.

* If the user is an existing one AND they're attempting to use an identifier on
HTTP, then the page is redirected to HTTPS, and the users profile page is
displayed without the OpenID header information and a short message explaining why.

* New users will be presented with a 403 error and a short message notifying the
user to use https instead

* Per our discussion, I am using a session variable to notify the view that a
redirect has occurred.  This variable needs to be removed after the page is
rendered so that it does not persist across future requests.  I was trying to
accomplish this in a process_response, but was unable to get this working
properly.  Instead, I just put it in the view function for the view_profile
while I continue to work on it in the middleware.

* I still need to write a dmigration script for the new model field in
profiles.models.CommonerProfile
History
Date User Action Args
2009-03-12 21:23:49jedoigsetrecipients: + jedoig, nyergler
2009-03-12 21:23:49jedoigsetmessageid: <1236893029.51.0.187714078941.issue94@creativecommons.org>
2009-03-12 21:23:49jedoiglinkissue94 messages
2009-03-12 21:23:49jedoigcreate