This mail is an automated notification from the bugs tracker
of the project: Savane.
/**************************************************************************/
[bugs #272] Latest Modifications:
Changes by:
Mathieu Roy <[EMAIL PROTECTED]>
'Date:
sam 21.02.2004 à 21:05 (Europe/Paris)
------------------ Additional Follow-up Comments ----------------------------
Well, I get the idea but I can't think about a way to get this solved in a
satisfactory way.
You cannot assume that users want to use https because the user that updated
the item was on https. If it only provides https, like Gna!, it should be set
up like Gna! to rewrite any http url to https.
The only way to select https/http is to use the session information. But it
implies using the setting of one session for all session. And, more annoyingly,
it would force us to add a test on that for each mail and each recipient.
I think it would increase the complexity of the code and resources usage
without helping that much. After all, it does not cost that much to do rewrite
like we do at Gna!
And if a user asked when creating is session to use https, he will be
redirected on https as soon he is authenticated (so the authentication info
would transit only once over http, acceptable to me).
So I would go for a close/wontfix, if you do not object. I admit that
theoretically it would be best to have https where it is due, but the cost
seems way to high.
/**************************************************************************/
[bugs #272] Full Item Snapshot:
URL: <http://gna.org/bugs/?func=detailitem&item_id=272>
Project: Savane
Submitted by: Vincent Caron
On: ven 20.02.2004 à 10:32
Category: Web Frontend
Severity: 1 - Trivial
Priority: A - Later
Resolution: None
Assigned to: None
Status: Open
Release:
Planned Release:
Summary: bug notifications via e-mail provide HTTP links to the ticket when
HTTPS is expected
Original Submission: Summary should be enough :).
Commentaires :
------------------
-------------------------------------------------------
Date: sam 21.02.2004 à 21:05 By: yeupou
Well, I get the idea but I can't think about a way to get this solved in a
satisfactory way.
You cannot assume that users want to use https because the user that updated
the item was on https. If it only provides https, like Gna!, it should be set
up like Gna! to rewrite any http url to https.
The only way to select https/http is to use the session information. But it
implies using the setting of one session for all session. And, more annoyingly,
it would force us to add a test on that for each mail and each recipient.
I think it would increase the complexity of the code and resources usage
without helping that much. After all, it does not cost that much to do rewrite
like we do at Gna!
And if a user asked when creating is session to use https, he will be
redirected on https as soon he is authenticated (so the authentication info
would transit only once over http, acceptable to me).
So I would go for a close/wontfix, if you do not object. I admit that
theoretically it would be best to have https where it is due, but the cost
seems way to high.
For detailed info, follow this link:
<http://gna.org/bugs/?func=detailitem&item_id=272>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
