Page MenuHomePhabricator
Differential D15696

Don't apply `security.require-https` to intracluster requests
ClosedPublic
Actions

Authored by epriestley on Apr 13 2016, 1:17 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Feb 16, 6:39 AM
Unknown Object (File)
Sun, Feb 9, 1:17 AM
Unknown Object (File)
Sun, Feb 9, 1:17 AM
Unknown Object (File)
Sun, Feb 9, 1:16 AM
Unknown Object (File)
Sun, Feb 9, 1:16 AM
Unknown Object (File)
Tue, Feb 4, 10:11 AM
Unknown Object (File)
Tue, Jan 28, 1:15 AM
Unknown Object (File)
Fri, Jan 24, 1:04 PM
View All Files
Subscribers
None

Details

Reviewers
chad
Maniphest Tasks
T10784: Deploy secure002.phacility.net
Commits
rP66366137ffa9: Don't apply `security.require-https` to intracluster requests
Summary

Ref T10784. Currently, if you terminate SSL at a load balancer (very common) and use HTTP beyond that, you have to fiddle with this setting in your premable or a SiteConfig.

On the balance I think this makes stuff much harder to configure without any real security benefit, so don't apply this option to intracluster requests.

Also document a lot of stuff.

Test Plan

Poked around locally but this is hard to test outside of a production cluster, I'll vet it more thoroughly on secure.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 37818.Apr 13 2016, 1:17 PM
epriestley retitled this revision from to Don't apply `security.require-https` to intracluster requests.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
epriestley added a task: T10784: Deploy secure002.phacility.net.
epriestley mentioned this in T10784: Deploy secure002.phacility.net.Apr 13 2016, 1:22 PM
chad accepted this revision.Apr 13 2016, 4:28 PM
chad edited edge metadata.
chad added inline comments.
src/docs/user/cluster/cluster.diviner
96

accessing? or access to?

This revision is now accepted and ready to land.Apr 13 2016, 4:28 PM
epriestley updated this revision to Diff 37825.Apr 13 2016, 4:36 PM
epriestley edited edge metadata.
  • Add missing "access to".
Closed by commit rP66366137ffa9: Don't apply `security.require-https` to intracluster requests (authored by epriestley, committed by epriestley). · Explain WhyApr 13 2016, 7:51 PM
This revision was automatically updated to reflect the committed changes.
epriestley mentioned this in T10751: Make Phabricator Highly Available.Apr 14 2016, 5:50 PM

Revision Contents
Changeset List

PathSize
src/
aphront/
configuration/
12 lines
site/
9 lines
applications/
config/
option/
23 lines
13 lines
docs/
user/
cluster/
76 lines
12 lines
26 lines

Diff 37832

View Options

src/aphront/configuration/AphrontApplicationConfiguration.php

Loading...
View Options

src/aphront/site/PhabricatorSite.php

Loading...
View Options

src/applications/config/option/PhabricatorClusterConfigOptions.php

Loading...
View Options

src/applications/config/option/PhabricatorSecurityConfigOptions.php

Loading...
View Options

src/docs/user/cluster/cluster.diviner

Loading...
View Options

src/docs/user/cluster/cluster_databases.diviner

Loading...
View Options

src/docs/user/cluster/cluster_repositories.diviner

Loading...
Phabricator · Built by Phacility