Log in |
Managing http/https URL LinksLast Revised: Sept. 12, 2000 The ProblemMany Web sites use a combination of SSL and non-SSL servers to handle requests. The problem is managing which URL links need to be prefixed with https and which need to be prefixed by http. You could use absolute URLs everywhere (which you need to use anyway when switching from non-SSL to SSL, or vice versa), but that gets cumbersome and the benefits of relative URLs are lost. Some argue that it's easy enough to just run everything under SSL, but why waste the resources where encryption is unimportant? This document explains one of probably many ways to handle this problem. A Simple SolutionZope provides a handy method called absolute_url() that returns the URL that can be used in the HREF attribute of an HTML link. The problem is that absolute_url() always returns an http prefix if the current request was using a non-SSL server, and an https prefix if the current request was using an SSL server. A simple solution starts with setting a boolean property called SSL in the Zope root folder. Setting this on will make the site default to https. Setting it off will make the site default to http. You can then set the same boolean property in different Zope folders based on whether or not you would like links to objects within the folder to use SSL or not. Acquisition is a wonderful thing, so you only need to set the property on folders that you want to be different than its parent folder. You can also set the SSL property on individual documents if you desire. In order to make use of the new property, you must install the SSLAbsoluteURL product for Zope 2.2. This solution only works for Zope 2.2.x, so don't try it on 2.1.x. SSLAbsoluteURL extends the behavior of the builtin absolute_url() method. The modified absolute_url() calls the original absolute_url() and then changes the http/https prefix according to the SSL property. Now, for example, if you want to provide a link for the URL http://www.logicetc.com/Services/Support/Zope, use the following HTML code: <A HREF="<dtml-var "Services.Support.Zope" url>">Zope Support</A> Of course if you're using this link on a document, for example, inside /Services/Support, you could use the following as well: <A HREF="<dtml-var "Zope" url>">Zope Support</A> or this: <A HREF="&dtml.url-Zope;">Zope Support</A> Note that there isn't yet a way to handle references to sub items using the entity syntax. For example, if you want to reference Services.Support.Zope, you'll have to stick with the conventional DTML syntax, but if you just want to reference Zope, you can use the entity syntax. Now if you ever decide you want everything under /Services to use SSL, simply set a boolean property called SSL in the Services folder. Any link, anywhere on your site, to anything under the Services folder, will magically begin to use https. The SiteAccess product by Evan Simpson can be used to provide similar functionality. It's not as simple, and there are some issues when it comes to accessing the management interface. Also, there is no way to specify that individual documents in a non-SSL folder should be accessed via SSL (without a possibly complex SiteAccessRule). With SSLAbsoluteURL, you just set the SSL property on the document. If you come up with a clean solution using SiteAccess that is as flexible, please let me know. Comments/QuestionsIf you have any questions or comments, please let me know. Enjoy! |
Log in
Forgot your password?