# HG changeset patch
# User Pierre-Yves David
# Date 1325609971 -3600
# Node ID 3ed48646f3545bd6c9e86c5859c5c5b51ed64d1c
# Parent b7a195d54fd4295c64ee442e183dd30a24170e21
[https] Allow configuration of anonymous access on https (closes #1971992) For now any anonymous access in denied on secured connection (https-url). This patch introduce a configuration option to control this behaviour. New instance will allow it. Old instance should stay as is during migration.
diff -r b7a195d54fd4 -r 3ed48646f354 etwist/server.py
--- a/etwist/server.py Tue Jan 03 17:00:43 2012 +0100
+++ b/etwist/server.py Tue Jan 03 17:59:31 2012 +0100
@@ -340,7 +340,7 @@
 self.appli.connect(req)
 except Redirect, ex:
 return self.redirect(request=req, location=ex.location)
- if https and req.session.anonymous_session:
+ if https and req.session.anonymous_session and self.config['https-deny-anonymous']:
 # don't allow anonymous on https connection
 return self.request_auth(request=req)
 if self.url_rewriter is not None:
diff -r b7a195d54fd4 -r 3ed48646f354 misc/migration/3.14.3_Any.py
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/misc/migration/3.14.3_Any.py Tue Jan 03 17:59:31 2012 +0100
@@ -0,0 +1,2 @@
+# keep the same behavior on existing instance but use the new one on new instance.
+config['https-deny-anonymous'] = True
diff -r b7a195d54fd4 -r 3ed48646f354 web/webconfig.py
--- a/web/webconfig.py Tue Jan 03 17:00:43 2012 +0100
+++ b/web/webconfig.py Tue Jan 03 17:59:31 2012 +0100
@@ -115,6 +115,16 @@
 'where the cubicweb web server is listening on port 8080.',
 'group': 'main', 'level': 3,
 }),
+ ('https-deny-anonymous',
+ {'type': 'string',
+ 'default': False,
+ 'help': 'Prevent anonymous user to browse thought https version of '
+ 'the site (https-url). Login form will then be displayed '
+ 'until logged',
+ 'group': 'web',
+ 'level': 2
+ }
+ ),
 ('auth-mode',
 {'type' : 'choice',
 'choices' : ('cookie', 'http'),
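Review bot: The added `self.config['https-deny-anonymous']` test relies on plain truthiness, but the web/webconfig.py hunk declares the option with `'type': 'string'` and a boolean default. If the configuration layer returns the raw text from the instance's configuration file, a value such as `no` is a non-empty string and still forces the login form, so an administrator could not reliably switch the restriction off. Declaring the option as a yes/no value, `'type': 'yn',`, would make this condition evaluate a real boolean. The enclosing method starts and ends outside the hunk.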
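Review bot: Nothing in this script shows the assignment being written back to the instance's configuration file, while the default introduced in web/webconfig.py is `False`. If the migration framework does not persist `config[...]` changes on its own, an upgraded instance would silently start serving anonymous sessions on its https-url, the opposite of what the comment promises. Worth confirming, and the comment could say what is being preserved: `# existing instances keep denying anonymous access over https; only new instances get the permissive default`.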
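Review bot: The help string of the new `https-deny-anonymous` entry is what an administrator reads when deciding whether anonymous visitors may use the https site, and it has a typo (`thought` for `through`) and an unfinished last clause (`until logged`). Suggested wording: `'Deny anonymous access through the https version of the site (https-url); the login form is displayed until the user authenticates.'`. It would also help to say that the default leaves anonymous access enabled, since that differs from the behaviour before this change.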