This site has been archived and you can no longer log in or post new messages. For up-to-date community resources please visit ezplatform.com

eZ Community » Forums » eZ Publish 5 Platform » Forcing login to use HTTPS
expandshrink

Forcing login to use HTTPS

Forcing login to use HTTPS

Monday 15 September 2014 1:23:51 pm - 1 reply

For whom it may help,

Apparently ez5 does not take care of existing ez4 setting : ModuleViewAccessMode[user/login]=ssl, and  authentication is made through http.

If you need HTTPS, you may update your routing (ezpublish/config/routing.yml) :

login:
    path:   /login
    defaults:  { _controller: ezpublish.security.controller:loginAction }
    requirements:
        _scheme:  https
login_check:
    path:   /login_check
    requirements:
        _scheme:  https

Is there a better way ?

Thanks,

Hakim

Tuesday 16 September 2014 12:04:27 am

I'm not the symfony expert, but there might be a need for a symfony or eZ setting that much more simple forces https and make the system secure session cookies (secure flag), use HSTS and make sure traffic always goes over https on certain parts of the site.

> Apparently ez5 does not take care of existing ez4 setting : 

correct, new/symfony/platform kernel is independent and executed first in the chain of these two kernels, integrations include:

  • injection most of ez yml setting from new kernel to legacy kernel
  • fallback of routes (urls) when not defined as symfony route and not url alias
    • Also including url alias if siteaccess is configured as legacy mode, however this is not recommended for performance (if you only plan to use pure legacy, pointing apache to legacy folder is better for this case)
  • fallback to legacy templates when no override is defined a content / location view
  • csrf integration
  • possibility to execute callbacks to legacy code
  • possibility to execute symfony code from legacy
    • Avoid calling symfony code which falls back to legacy, cyclic inception not supported
  • uses same database
  • cache clearing both ways on use, including for HTTP Cache (Symfony and Varnish)
  • possibility to put legacy extensions within a eZ Bundle for better code organization

Might have forgotten something happy.gif Emoticon

Modified on Wednesday 17 September 2014 11:19:53 am by André R

expandshrink

You must be logged in to post messages in this topic!

36 542 Users on board!

Forums menu

Proudly Developed with from