I just installed securepages module and tested it. It appears to work similar to the solution I had for settings.php where it redirects the https after the http page start to generate. It comes loaded with the following patterns that it redirects to https:
node/add* node/*/edit user/* admin*
This part works kind of like block visibility. There is also a checkbox to switch back to http when a match from the list above is not made. I am very pleased with how this works and will switch my sites over to use this as opposed to the settings.php code changes I mentioned. I really like the way this is setup. Great job Gordon! I did notice that since admin* was already in the default list, my first test on a localhost drupal site was problematic since I didn't have ssl setup there and I couldn't get back into admin to turn off securesites. I then tested on a server with ssl and it worked perfect.
On a related note, I just finished listening to the latest lullabot podcast and Jeff, Ted and Matt were interviewing Gordon. He mostly talked about ecommerce and then mentioned securepages! Kind of since we have been discussing it. This module has really been needed and is important for sites that have ecommerce, ldap integreation (like me) and other needs to encrypt traffic.
Hope this helps!
Thanks, Mark
PS. I attached a screenshot of the settings page. I am not sure if it will go to the list, but we will see.
On Jun 13, 2006, at 5:17 PM, dondi_2006 wrote:
Gordon can comment on his module, but anytime you want to be sure you are encrypting from one page to another is to check the url in the
<form action=.... statement. If the url has https:// you are posting via ssl.
I know. I am asking because I probably won't have the possibility to install the module and test it before saturday...
Once Drupal realizes that you are requesting a page that needs https://, it redirects you immediately.
Yes, but it should realize it _before_ I request it. That is, it should generate html code with an https URL every time it (re) generates a page with a form pointing to the admin section. Even if it won't be used. This was the sense of my question. Is this what actually happens with that module?
TIA, O.
-- [ Drupal support list | http://lists.drupal.org/ ]
