[support] SSL Form Posts in Drupal are sent in the clear ...
Joseph Yamada
joe.yamada at gmail.com
Sat May 16 21:39:53 UTC 2009
... this is bad, I won't be able to deploy to production until I fix this.
I've configured mod_ssl with my apache to require my drupal site to run in
SSL.
And then I changed my login form to post back in https all the time
$form = array(
'#action' => preg_replace('/^http:/', 'https:', url($_GET['q'],
drupal_get_destination(), null, true)),
);
So my logins are encrypted.
So I'm on the site and https is encrypting the GETs, but then I change a
form, say my profile page, then I post anything back to the server and my
browser says I am sending text in the clear, non-encrypted.
Does this mean I need to rewrite the form posts for every form post page ?
Has anyone seen this, please assist a fellow Drupal user,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.drupal.org/pipermail/support/attachments/20090516/2c0594c7/attachment.htm>
More information about the support
mailing list