Hi, I don't know about 1.4 or 2.0 but in 1.2 Symfony I could not
specify to print my URL over https easily as one of the URL helpr
options or to say in the routing yaml that 'this URL needs to be
rendered as https" when I am on a http page.
For example when rendering a login credentials form on the home page
that is requested over http. As credentials can't go over http, its
better the form's URL goes to https directly.
It is no good to do it as a filter or how some ssl plugins work using
security.yml as the request is submitted to a http URL and then
redirected to https due to the restrictions placed, this is not going
to satisfy the above example securely.
In the mean time, or due to my lack of awareness on how to do this in
the framework, I went with this code:
<form name="loginform" action="<?php echo str_replace('http',
'https', url_for('@sf_guard_signin', true)) ?>" method="post">
but it seems like this could easily be handled by routing or URL
helpers.
With Best Regards,
Alex Stoneham
P.s. Thanks for the recent advent calander, very nice, thanks for
keeping us posted of the release schedules, and thanks for all those
who covered Symfony Live 2010 for those who couldn’t attend.
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
