ForceHTTPS setting implemented

13 years ago · 62efe0628f
parent a78ecfc564
commit 62efe0628f
5 changed files with 14 additions and 8 deletions
--- a/Builder/Builder.exe.config
+++ b/Builder/Builder.exe.config
@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?> 
 <configuration>
 	<appSettings>
-		<add key="WiXPath" value="C:\Program Files (x86)\Windows Installer XML v3\bin\"/>
+		<add key="WiXPath" value="C:\Program Files (x86)\Windows Installer XML v3.5\bin\"/>
 		<add key="SVNPath" value="C:\Program Files\SlikSvn\bin\"/>
 	</appSettings>
 </configuration>
--- a/Builder/IISMainHandler/build.txt
+++ b/Builder/IISMainHandler/build.txt
@ -1 +1 @@
-1899
+1903
--- a/Common/Config.cs
+++ b/Common/Config.cs
@ -38,6 +38,8 @@ namespace FLocal.Common {
 		public readonly HashSet<string> AdditionalHosts;
 		public readonly string CookiesPrefix;
 		public readonly bool forceHttps;
 		public readonly int MinPostId;
@ -59,6 +61,7 @@ namespace FLocal.Common {
 			this.BaseHost = data["BaseHost"];
 			this.AdditionalHosts = new HashSet<string>(from host in data["AdditionalHosts"].Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries) select host.Trim());
 			this.CookiesPrefix = data["CookiesPrefix"];
 			this.forceHttps = parseBool(data["ForceHTTPS"]);
 			this.MinPostId = int.Parse(data["MinPostId"]);
 			this.SessionLifetime = int.Parse(data["SessionLifetime"]);
 		}
--- a/IISMainHandler/MainHandler.cs
+++ b/IISMainHandler/MainHandler.cs
@ -15,11 +15,6 @@ namespace FLocal.IISHandler {
 		private void doProcessRequest(HttpContext httpcontext) {
 			Uri referer = httpcontext.Request.UrlReferrer;
 			if(referer != null && referer.PathAndQuery.StartsWith("/static") && !httpcontext.Request.Path.StartsWith("/static")) {
 				throw new HttpException(403, "You have come from the static page '" + referer + "'");
 			}
 			if(!Config.isInitialized) {
 				lock(typeof(Config)) {
 					if(!Config.isInitialized) {
@ -32,6 +27,14 @@ namespace FLocal.IISHandler {
 			if(!current.Host.EndsWith(Config.instance.BaseHost)) {
 				throw new FLocal.Core.FLocalException("Wrong host: " + current.Host + " (expected *" + Config.instance.BaseHost + ")");
 			}
 			if(Config.instance.forceHttps && !httpcontext.Request.IsSecureConnection) {
 				throw new FLocal.Core.FLocalException("Only HTTPS connections are allowed");
 			}
 			Uri referer = httpcontext.Request.UrlReferrer;
 			if(referer != null && referer.PathAndQuery.StartsWith("/static") && !httpcontext.Request.Path.StartsWith("/static")) {
 				throw new HttpException(403, "You have come from the static page '" + referer + "'");
 			}
 			WebContext context = new WebContext(httpcontext);
 			try {
--- a/IISMainHandler/WebContext.cs
+++ b/IISMainHandler/WebContext.cs
@ -179,7 +179,7 @@ namespace FLocal.IISHandler {
 		private void AddCommonData(HttpCookie cookie) {
 			cookie.HttpOnly = true;
-			cookie.Secure = true;
+			cookie.Secure = Config.instance.forceHttps;
 			cookie.Domain = "." + String.Join(".", this.httprequest.Url.Host.Split(".", StringSplitOptions.RemoveEmptyEntries).Slice(1).ToArray());
 			cookie.Path = "/";
 		}