Open jakedaleweb opened 5 years ago
Ideally we'd support it there as well, but encourage people to configure their SSL rules in YAML (or htaccess if using Apache). This could probably be moved to a framework issue, since CanonicalURLMiddleware appears not to be compatible with Director::forceSSL().
Might also be best to update the docs to opt for the yaml configuration instead of a change in php
That's the goal that's spurred the investigation resulting in this issue @scott1702 :)
When using this part of the recipe on a cwp site, if a user sets
Director::forceSSL()
in their_config.php
, for example, their site will not redirect to https on all URLs.This is because this yaml block https://github.com/silverstripe/cwp-core/blob/master/_config/security.yml#L25 sets
ForceSSLPatterns
. In order to force SSL with Director a CWP user would have to set the following yaml:This isn't necessarily a bug, because the code is doing what it should, but the documentation probably needs to be updated to clarify why
Director::forceSSL()
doesn't work in_config.php
as people would usually expect.