diff options
| author | Amitai Schlair <schmonz-web-ikiwiki@schmonz.com> | 2014-10-14 18:19:09 -0400 |
|---|---|---|
| committer | Amitai Schlair <schmonz-web-ikiwiki@schmonz.com> | 2014-10-14 18:19:09 -0400 |
| commit | ed35163be0bf9c4c41f9c5614e906cdac8d7ee69 (patch) | |
| tree | 91cde9f827f01689ae5622e8c70f799d4a875a70 /doc | |
| parent | 194c0a1084f442f220226fe46fef07e9282b80b5 (diff) | |
| download | ikiwiki-ed35163be0bf9c4c41f9c5614e906cdac8d7ee69.tar ikiwiki-ed35163be0bf9c4c41f9c5614e906cdac8d7ee69.tar.gz | |
one report suffices; not yet clear there's a bug
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/bugs/HTTPS_edit_required_no_authentication.mdwn | 9 | ||||
| -rw-r--r-- | doc/forum/HTTPS_edit_required_no_authentication.mdwn | 2 |
2 files changed, 0 insertions, 11 deletions
diff --git a/doc/bugs/HTTPS_edit_required_no_authentication.mdwn b/doc/bugs/HTTPS_edit_required_no_authentication.mdwn deleted file mode 100644 index e7793dc4d..000000000 --- a/doc/bugs/HTTPS_edit_required_no_authentication.mdwn +++ /dev/null @@ -1,9 +0,0 @@ -Hello, - -I've setup authentication on my ikiwiki website using httpauth plugin. I've also disabled anonok, openid and passwordauth so that httpauth is the unique authentication method. -I've configured the `cgiauthurl` to https://example.com/auth/ikiwiki.cgi in order to make the authentication more secured (password is never sent in clear). My `url` points to http://example.com/ and my `cgiurl` points to http://example.com/ikiwiki.cgi . - -When I try to edit a page accessed by http, everything works fine: there is a redirection to https://example.com/auth/ikiwiki.cgi (defined in `cgiauthurl`) and my browser launches an HTTP Basic Authentication login form. -But when I try to edit a page accessed by https there is no redirection to the `cgiauthurl` url. Instead, I can edit (and save) the page without authentication. I've tried this with a fresh new browser session where I have never been asked for authentication before. It seems that editing pages directly from https://example.com/ikiwiki.cgi?page=page&do=edit works without authentication... - -I think that the Ikiwiki CGI do not redirect to `cgiauthurl` when it is accessed by HTTPS. diff --git a/doc/forum/HTTPS_edit_required_no_authentication.mdwn b/doc/forum/HTTPS_edit_required_no_authentication.mdwn index 033033f49..4afc134b3 100644 --- a/doc/forum/HTTPS_edit_required_no_authentication.mdwn +++ b/doc/forum/HTTPS_edit_required_no_authentication.mdwn @@ -1,7 +1,5 @@ Hello, -I've already [[sent a bug|/bugs/HTTPS_edit_required_no_authentication/]] but I think that discussion can also help... - I've setup authentication on my ikiwiki website using httpauth plugin. I've also disabled anonok, openid and passwordauth so that httpauth is the unique authentication method. I've configured the `cgiauthurl` to https://example.com/auth/ikiwiki.cgi in order to make the authentication more secured (password is never sent in clear). My `url` points to http://example.com/ and my `cgiurl` points to http://example.com/ikiwiki.cgi . When I try to edit a page accessed by http, everything works fine: there is a redirection to https://example.com/auth/ikiwiki.cgi (defined in `cgiauthurl`) and my browser launches an HTTP Basic Authentication login form. But when I try to edit a page accessed by https there is no redirection to the `cgiauthurl` url. Instead, I can edit (and save) the page without authentication. I've tried this with a fresh new browser session where I have never been asked for authentication before. It seems that editing pages directly from https://example.com/ikiwiki.cgi?page=page&do=edit works without authentication... |