Changes between Version 12 and Version 13 of PermRedirectPlugin
Timestamp: Jan 17, 2016, 3:50:24 PM (8 years ago)
PermRedirectPlugin
v12 v13 5 5 == Description 6 6 7 This plugin provides t wo features related tologin:7 This plugin provides the following features related to Trac login: 8 8 9 9 * When an anonymous user attempts to visit a page that the user does not have access to, the user will be sent to the login screen instead of seeing Trac's built-in "Permission Error: maybe you should log in" page. … … 59 59 == HTTPS Only 60 60 61 The plugin provides a feature to ensure that all requests to the login page occur over HTTPS, which can be enabled per the "usage" section above. This will intercept all requests to http://hostname.com/login and redirect them to https://hostname.com/login instead. For this feature to work, you must configure your web server to accept HTTPS requests on port 443. This feature will only work if your web server is serving HTTP requests on port 80 and HTTPS requests on port 443; no other configurations are currently supported. Also, '''this feature should only be enabled if you are using AccountManager to handle login.''' If your site's login occurs in the web server, eg Apache authentication, then this feature will not be able to secure your login handler. 61 The plugin provides a feature to ensure that all requests to the login page occur over HTTPS, which can be enabled per the "usage" section above. This will intercept all requests to `http://hostname.com/login` and redirect them to `https://hostname.com/login` instead. 62 63 For this feature to work, you must configure your web server to accept HTTPS requests on port 443. This feature will only work if your web server is serving HTTP requests on port 80 and HTTPS requests on port 443; no other configurations are currently supported. Also, '''this feature should only be enabled if you are using AccountManager to handle login.''' If your site's login occurs in the web server, eg Apache authentication, then this feature will not be able to secure your login handler. 
62 64 63 65 It is also possible to implement a similar feature without this plugin at all, using `RewriteRules` in your Apache configuration. This alternative approach must be used if you are handling login through the Apache web server. Your Apache configuration would include lines like: … … 74 76 == Frequently Asked Questions 75 77 76 * After logging in, Trac always loads the home page, instead of the page the user came from. On the login page, the `?referer` query string is double-quoted (double-encoded), and looks like `?referer=http%253A%252F%252Fthe_host%252Fthe_project%252Ftimeline` (with the "%" in "%3A" re-quoted to create "%253A") instead of `?http%3A%2F%2Fthe_host%2Fthe_project%252Ftimeline`.78 '''Q:''' After logging in, Trac always loads the home page, instead of the page the user came from. On the login page, the `?referer` query string is double-quoted (double-encoded), and looks like `?referer=http%253A%252F%252Fthe_host%252Fthe_project%252Ftimeline` with the "%" in "%3A" re-quoted to create "%253A" instead of `?http%3A%2F%2Fthe_host%2Fthe_project%252Ftimeline`. Why is this? 77 79 78 This is caused by a faulty Apache configuration. You are probably using a `RewriteRule` to redirect login over HTTPS. You must use the `[NE]` (no-escape) flag on your `RewriteRule` to prevent double-quoting. For more information, see http://trac-hacks.org/ticket/2210#comment:3680 '''A:''' This is caused by a faulty Apache configuration. You are probably using a `RewriteRule` to redirect login over HTTPS. You must use the `[NE]` (no-escape) flag on your `RewriteRule` to prevent double-quoting. For more information, see http://trac-hacks.org/ticket/2210#comment:36 79 81 80 82 == Recent Changes
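Review bot: In the "HTTPS Only" hunk, the new second paragraph (v13 line 63) still packs the operating conditions into one run of sentences, so the port 80/443 restriction and the AccountManager-only condition are easy to miss, and "eg" is written without punctuation. Suggest listing the requirements as separate items (HTTP served on port 80, HTTPS served on port 443, login handled by AccountManager) and writing "e.g.". The unchanged context line that follows introduces the Apache `RewriteRule` alternative; a pointer there to the `[NE]` flag that the FAQ answer requires would keep readers who copy that configuration from running into the double-encoded `referer` problem.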
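Review bot: In the "Frequently Asked Questions" hunk, the "expected" query string in the new '''Q:''' line, `?http%3A%2F%2Fthe_host%2Fthe_project%252Ftimeline`, is carried over unchanged from v12 and does not match the sentence around it: it lacks the `referer=` key and still contains a double-encoded `%252F` before `timeline`. Suggest `?referer=http%3A%2F%2Fthe_host%2Fthe_project%2Ftimeline` so the contrast with the double-encoded form shown just before it is exact.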