-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 22/09/2006, at 05:23 AM, Scott Laird wrote: > That's part of the issue, but it'd be nice if *every* link to /admin > (or /accounts) used https while non-authenticated links still use > http. That's a bit harder to do from Apache. Part of the problem I had with this kind of trick from Apache was that the admin interface still links to various resources (stylesheets, image files) which are outside the /admin URL scheme. So I had to put in a whole set of extra rules to make those ones not auto-redirect back to http:, otherwise browsers would give a bunch of security warnings (displaying non-secure resource from secure page, etc.) TX -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (Darwin) iD8DBQFFH2PpuMe8iwN+6nMRAjxGAJkBBF2+c6bpEVuHwreOf8f64OWu3wCeNVRS BhUODYxqS2YLtufJIM0IlO0= =FbEW -----END PGP SIGNATURE----- _______________________________________________ Typo-list mailing list [email protected] http://rubyforge.org/mailman/listinfo/typo-list
