Hi,
How would you go about implementing a 'secure' form (SSL) on a SilverStripe site? The form deals with sensitive data and requires SSL for this form.
Is forceSSL() the only way, and are there any examples on how to use forceSSL()?
Thank you.
VWD.
We've moved the forum!
Please use forum.silverstripe.org for any new questions
(announcement).
The forum archive will stick around, but will be read only.
You can also use our Slack channel
or StackOverflow to ask for help.
Check out our community overview for more options to contribute.
I use a couple of functions that based on "logic" are called from within the Page_Controller init method ...
public static function ForceSSL(){
if((Director::protocol() != "https://")) { // echo 'REDIRECTING'; die();
$destURL = str_replace('http:', 'https:', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1><p>Please <a href=\"$destURL\">click here</a>");
}
}
public static function ForceNoneSSL(){
if(Director::protocol() != "http://") {
$destURL = str_replace('https:', 'http:', Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1><p>Please <a href=\"$destURL\">click here</a>");
}
}Also to contridict Devlin you can use a single installation (of silverstipe) and swtich between the two retaining you session (based on using plesk and checking a couple of boxes). I was initially down hearted to hear that the session would be destroied on switching between the too and I'd need two installations.
