Allow production sites to operate over HTTP #2458

Merged: 1 commit, Sep 24, 2024

Conversation

williamjallen
Collaborator

CDash currently requires all production sites to operate over HTTPS, even if the APP_URL has a HTTP prefix. There is no technical reason why this requirement is necessary at this point, and some users may desire to forgo setting up certificates for a small internal instance, such as #2457. This PR removes this requirement and fully respects the APP_URL as configured.

Member

@josephsnyder josephsnyder left a comment

LGTM!

@josephsnyder josephsnyder added this pull request to the merge queue Sep 24, 2024
Merged via the queue into Kitware:master with commit 5cc57e8 Sep 24, 2024
6 checks passed
@williamjallen williamjallen deleted the http-production branch September 24, 2024 15:35
github-merge-queue bot pushed a commit that referenced this pull request Sep 27, 2024
#2458 removed the requirement for
production sites to operate over HTTPS, but did not change the
configuration option which allows session cookies to be sent over HTTP.
This PR changes that option to allow session cookies to work over HTTP.
Operating a CDash site over HTTP is insecure and is not recommended for
most users.

User sessions don't really make sense for a HTTP site, since sessions
cannot be secured. If there is interest and financial support in the
future, it may be interesting to investigate simply turning off the
ability to log in altogether for HTTP sites.

Closes #2461
github-merge-queue bot pushed a commit that referenced this pull request Oct 17, 2024
#2458 removed a line which was
believed to have no effect. After deploying a recent version of CDash to
a production system based on Kubernetes, it was discovered that Laravel
automatically changes the protocol to `http://` if the incoming request
is a HTTP request, even if the `APP_URL` starts with `https://`. This PR
addresses the issue by forcing Laravel to respect the protocol specified
by the `APP_URL` environment variable.
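
The two follow-up commits describe the same failure from both directions: response headers whose cookie attributes or generated URLs disagree with the scheme of `APP_URL`. A deployment check for that mismatch, as an added example that is not CDash's code; the host name, cookie name and header samples are constructed, and it assumes the cookie option in question controls the `Secure` attribute.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit


def audit_scheme_consistency(app_url, response_headers):
    """List places where response headers disagree with APP_URL's scheme."""
    app = urlsplit(app_url)
    scheme = app.scheme.lower()
    findings = []
    for name, value in response_headers:
        header = name.lower()
        if header == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for morsel in jar.values():
                secure = bool(morsel["secure"])
                if scheme == "https" and not secure:
                    findings.append(f"{morsel.key}: no Secure attribute on an HTTPS site")
                elif scheme == "http" and secure:
                    # Browsers do not send Secure cookies over plain HTTP,
                    # so the session would never stick.
                    findings.append(f"{morsel.key}: Secure attribute on an HTTP site")
        elif header == "location":
            target = urlsplit(value)
            # Only same-host absolute URLs are judged; relative and
            # external targets are skipped.
            if (target.netloc.lower() == app.netloc.lower()
                    and target.scheme.lower() != scheme):
                findings.append(
                    f"Location uses {target.scheme}:// but APP_URL is {scheme}://")
    return findings


# Constructed samples (not captured from a real CDash instance).
HTTPS_APP_BEHIND_PROXY = [
    ("Set-Cookie", "example_session=abc123; Path=/; HttpOnly"),
    ("Location", "http://cdash.example.test/login"),
]
HTTP_APP_SECURE_COOKIE = [
    ("Set-Cookie", "example_session=abc123; Path=/; HttpOnly; Secure"),
]

if __name__ == "__main__":
    for url, headers in (("https://cdash.example.test", HTTPS_APP_BEHIND_PROXY),
                         ("http://cdash.example.test", HTTP_APP_SECURE_COOKIE)):
        for finding in audit_scheme_consistency(url, headers):
            print(url, "->", finding)
```
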