Forum OpenACS Improvement Proposals (TIPs): TIP#154 Add AllowHTTPSRedirects parameter to acs-tcl

If HTTPS is handled by a proxy such as nginx, security::locations won't enable the HTTPS protocol as a valid location for internal redirects.

This parameter forces HTTPS as a valid protocol in security::locations when nsopenssl is disabled but HTTPS is handled by a proxy.

Does this need to be TIPed if the default behavior is unaffected?
Posted by Victor Guerra on

Or yes.. it could be a package parameter. The question would be if acs-tcl is the right package for that. acs-subsite and acs-kernel have also SSL related parameters.

Posted by Dave Bauer on
Originally I suspectd a config.tcl parameter since that is where nsopenssl is configured so the SSL determination is always defined there, and its consistent.

Obviously its easier to configure with a package parameter, but this makes more sense to me in the config file, since it really is defining the configuration of the server, and the package defines its behavior from that, we are not really modifying the package behavior.

Overall I don't see as a big point. Victor if you can provide the code that would be great. Thanks

Posted by Byron Linares on
Some time ago I proposed a solution to this issue and is what we have working in our OpenACS installation

Hi Byron,

I remember that.

I don't see it in the system, so I assumed you decided not to contribute it.

If it is already in the system, where is it?

Victor's solution includes modifying the headers. This is important for some cases.

FWIW, making it a config.tcl setting may be best afterall, if it's also modifying http headers (and affecting multiple packages)