The problem comes when Drupal can't tell which is the 'base_url' that should be used for form_actions and URLs.
Check out the secure_pages module, it handles the switching and sets the necessary variables for various pages of the site. It also will redirect to secure or non-secure if necessary for your site.
-Mike
On May 16, 2009, at 2:39 PM, Joseph Yamada wrote:
... this is bad, I won't be able to deploy to production until I fix this.
I've configured mod_ssl with my Apache to require my Drupal site to run in SSL.
And then I changed my login form to post back in https all the time:

    $form = array(
      '#action' => preg_replace('/^http:/', 'https:', url($_GET['q'], drupal_get_destination(), null, true)),
    );

So my logins are encrypted.
So I'm on the site and https is encrypting the GETs, but then I change a form, say my profile page, then I post anything back to the server and my browser says I am sending text in the clear, non-encrypted.
Does this mean I need to rewrite the form posts for every form post page?
Has anyone seen this, please assist a fellow Drupal user,
-- [ Drupal support list | http://lists.drupal.org/ ]
__________________ Michael Prasuhn 503.488.5433 office 714.356.0168 cell 503.661.7574 home mike@mikeyp.net http://mikeyp.net
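
An added example, not part of either message and not code from the secure_pages module: a settings.php fragment that fixes the scheme of `$base_url` per request, so the URLs the reply describes follow the connection's scheme instead of a hard-coded `http://`. The host name `www.example.com` and the variable names `$site_host` and `$is_https` are assumptions made for the illustration.

```php
<?php
// Added example for settings.php; not code from the thread or from secure_pages.
// ASSUMPTION: 'www.example.com' is a placeholder for the site's real host name.
$site_host = 'www.example.com';

// PHP sets $_SERVER['HTTPS'] to a non-empty value (not 'off') on HTTPS requests.
$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off';

// As the reply notes, Drupal uses $base_url for form actions and URLs, so the
// scheme chosen here decides whether those URLs point at http or https.
// The host is fixed rather than read from the client-supplied Host header.
$base_url = ($is_https ? 'https' : 'http') . '://' . $site_host; // no trailing slash

// Only send the session cookie over TLS when the request itself used HTTPS.
if ($is_https) {
  ini_set('session.cookie_secure', 1);
}
```

If TLS is terminated on a proxy in front of Apache, `$_SERVER['HTTPS']` will not be set on the back end and the check above needs a signal the proxy is trusted to provide.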