RE: [coldbox:3826] Re: SSL Interceptor Regex...

It sounds like what you're saying is that you want all links on an
un-secure page to be built http, and all links on a secure page to be
built https. This can be handy for stuff like images in a page that
might be accessed via http OR https and you need the image URLs to be
secure or un-secure so browsers don't complains about un-secure content.

I'm not positive if CB 3 has a better way to solve that, but in 2.6.3 I
handled it by implementing a request context decorator that replaced the
buildLink method to build all links using the same prototcol that the
main event was being accessed with.

Of course, I will have an SSL interceptor that bounces you back and
forth to and from SSL where necessary.

~Brad

Yes, what Brad said is what I'm looking for. It makes more sense to me
to have all the links on a https page also be https by default. Then,
have the SSL interceptor take care of relocating to http if https is
not needed on a linking page.

This alleviates having to add Event.setSESBaseURL("https://
#cgi.HTTP_HOST#") to every handler file that needs SSL, or having to
add ssl=true to the buildLink method.

I believe it would also allow you to use relative links if you wanted
to (?), like:
<form name="Login" method="post" action="/security/dologin">

Does that make sense?

T

Then you do a combination of things.

You can at preProcess, depending on the event decide if all your links should be built with ssl or not. You do this by overriding the base url with event.setSESBaseURL(). Then when you want a-la-carte links to be built WITHOUT ssl, you use the buildLink() arguments of baseURL

event.buildLink(linkTo="", baseURL=“URL with no SSL”)

Luis F. Majano
President
Ortus Solutions, Corp

ColdBox Platform: http://www.coldbox.org
Linked In: http://www.linkedin.com/pub/3/731/483
Blog: http://www.luismajano.com
IECFUG Manager: http://www.iecfug.com

Thanks Luis, that's basically what I'm doing now and it works fine. It
just seems like a lot more maintenance than something like:

// Base URL
if(isSSLRequired(event) ){
  setBaseURL("https://#cgi.HTTP_HOST#");
}

That being said, I should probably let it go.

I really really appreciate all the feedback.

T