Changes between Version 12 and Version 13 of PermRedirectPlugin


Ignore:
Timestamp:
Jan 17, 2016, 3:50:24 PM (8 years ago)
Author:
figaro
Comment:

Cosmetic changes, tagged with pypi

Legend:

Unmodified
Added
Removed
Modified

  • PermRedirectPlugin

    v12 v13  
    55== Description
    66
    7 This plugin provides two features related to login:
     7This plugin provides the following features related to Trac login:
    88
    99 * When an anonymous user attempts to visit a page that the user does not have access to, the user will be sent to the login screen instead of seeing Trac's built-in "Permission Error: maybe you should log in" page.
     
    5959== HTTPS Only
    6060
    61 The plugin provides a feature to ensure that all requests to the login page occur over HTTPS, which can be enabled per the "usage" section above. This will intercept all requests to http://hostname.com/login and redirect them to https://hostname.com/login instead. For this feature to work, you must configure your web server to accept HTTPS requests on port 443. This feature will only work if your web server is serving HTTP requests on port 80 and HTTPS requests on port 443; no other configurations are currently supported. Also, '''this feature should only be enabled if you are using AccountManager to handle login.''' If your site's login occurs in the web server, eg Apache authentication, then this feature will not be able to secure your login handler.
     61The plugin provides a feature to ensure that all requests to the login page occur over HTTPS, which can be enabled per the "usage" section above. This will intercept all requests to `http://hostname.com/login` and redirect them to `https://hostname.com/login` instead.
     62
     63For this feature to work, you must configure your web server to accept HTTPS requests on port 443. This feature will only work if your web server is serving HTTP requests on port 80 and HTTPS requests on port 443; no other configurations are currently supported. Also, '''this feature should only be enabled if you are using AccountManager to handle login.''' If your site's login occurs in the web server, eg Apache authentication, then this feature will not be able to secure your login handler.
    6264
    6365It is also possible to implement a similar feature without this plugin at all, using `RewriteRules` in your Apache configuration. This alternative approach must be used if you are handling login through the Apache web server. Your Apache configuration would include lines like:
     
    7476== Frequently Asked Questions
    7577
    76  * After logging in, Trac always loads the home page, instead of the page the user came from. On the login page, the `?referer` query string is double-quoted (double-encoded), and looks like `?referer=http%253A%252F%252Fthe_host%252Fthe_project%252Ftimeline` (with the "%" in "%3A" re-quoted to create "%253A") instead of `?http%3A%2F%2Fthe_host%2Fthe_project%252Ftimeline`.
     78 '''Q:''' After logging in, Trac always loads the home page, instead of the page the user came from. On the login page, the `?referer` query string is double-quoted (double-encoded), and looks like `?referer=http%253A%252F%252Fthe_host%252Fthe_project%252Ftimeline` with the "%" in "%3A" re-quoted to create "%253A" instead of `?http%3A%2F%2Fthe_host%2Fthe_project%252Ftimeline`. Why is this?
    7779
    78 This is caused by a faulty Apache configuration. You are probably using a `RewriteRule` to redirect login over HTTPS. You must use the `[NE]` (no-escape) flag on your `RewriteRule` to prevent double-quoting. For more information, see http://trac-hacks.org/ticket/2210#comment:36
     80 '''A:''' This is caused by a faulty Apache configuration. You are probably using a `RewriteRule` to redirect login over HTTPS. You must use the `[NE]` (no-escape) flag on your `RewriteRule` to prevent double-quoting. For more information, see http://trac-hacks.org/ticket/2210#comment:36
    7981
    8082== Recent Changes