# HG changeset patch # User Julien Cristau # Date 1427790125 -7200 # Node ID d7c33cbdce8b62b21ad581ddbecabbf3bbd423b4 # Parent a4af502191d5c4e0197447eec4eefb24adb0b2c4 [web] kill https-deny-anonymous option (closes #5193687) It doesn't make much sense to prevent people from using https. diff -r a4af502191d5 -r d7c33cbdce8b web/application.py --- a/web/application.py Thu Jan 29 10:54:41 2015 +0100 +++ b/web/application.py Tue Mar 31 10:22:05 2015 +0200 @@ -365,12 +365,6 @@ # several cubes like registration or forgotten password rely on # this principle. - # DENY https acces for anonymous_user - if (req.https - and req.session.anonymous_session - and self.vreg.config['https-deny-anonymous']): - # don't allow anonymous on https connection - raise AuthenticationError() # nested try to allow LogOut to delegate logic to AuthenticationError # handler try: diff -r a4af502191d5 -r d7c33cbdce8b web/views/basetemplates.py --- a/web/views/basetemplates.py Thu Jan 29 10:54:41 2015 +0100 +++ b/web/views/basetemplates.py Tue Mar 31 10:22:05 2015 +0200 @@ -514,10 +514,6 @@ if config['auth-mode'] != 'http': self.login_form(id) # Cookie authentication w(u'') - if self._cw.https and config.anonymous_user()[0] and config['https-deny-anonymous']: - path = xml_escape(config['base-url'] + self._cw.relative_path()) - w(u'
%s
\n' - % (path, self._cw._('No account? Try public access at %s') % path)) w(u'\n') def login_form(self, id): diff -r a4af502191d5 -r d7c33cbdce8b web/webconfig.py --- a/web/webconfig.py Thu Jan 29 10:54:41 2015 +0100 +++ b/web/webconfig.py Tue Mar 31 10:22:05 2015 +0200 @@ -124,16 +124,6 @@ 'where the cubicweb web server is listening on port 8080.', 'group': 'main', 'level': 3, }), - ('https-deny-anonymous', - {'type': 'yn', - 'default': False, - 'help': 'Prevent anonymous user to browse through https version of ' - 'the site (https-url). Login form will then be displayed ' - 'until logged', - 'group': 'web', - 'level': 2 - } - ), ('auth-mode', {'type' : 'choice', 'choices' : ('cookie', 'http'),