16 May
2009
16 May
'09
11:39 p.m.
... this is bad, I won't be able to deploy to production until I fix this. I've configured mod_ssl with my apache to require my drupal site to run in SSL. And then I changed my login form to post back in https all the time $form = array( '#action' => preg_replace('/^http:/', 'https:', url($_GET['q'], drupal_get_destination(), null, true)), ); So my logins are encrypted. So I'm on the site and https is encrypting the GETs, but then I change a form, say my profile page, then I post anything back to the server and my browser says I am sending text in the clear, non-encrypted. Does this mean I need to rewrite the form posts for every form post page ? Has anyone seen this, please assist a fellow Drupal user,