[enh] Force HTTPS when set authentication headers (closes #3)

This commit is contained in:
Alexis Gavoty 2014-04-11 15:18:04 +02:00
parent 9bd01e9fb9
commit 78828028d3

View file

@ -200,6 +200,9 @@ function authenticate (user, password)
end end
function set_headers (user) function set_headers (user)
if ngx.var.scheme ~= "https" then
return redirect("https://"..ngx.var.http_host..ngx.var.uri)
end
user = user or ngx.var.cookie_SSOwAuthUser user = user or ngx.var.cookie_SSOwAuthUser
if not cache:get(user.."-password") then if not cache:get(user.."-password") then
flash("info", "Please log in to access to this content") flash("info", "Please log in to access to this content")