
Don't apply `security.require-https` to intracluster requests

Authored by epriestley <git@epriestley.com> on Apr 13 2016, 14:52.

Description

Don't apply security.require-https to intracluster requests

Summary:
Ref T10784. Currently, if you terminate SSL at a load balancer (very common) and use HTTP beyond that, you have to fiddle with this setting in your preamble or a SiteConfig.

On the balance I think this makes stuff much harder to configure without any real security benefit, so don't apply this option to intracluster requests.

Also document a lot of stuff.

Test Plan: Poked around locally, but this is hard to test outside of a production cluster; I'll vet it more thoroughly on secure.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10784

Differential Revision: https://secure.phabricator.com/D15696

Details

Committed
epriestley <git@epriestley.com>, Apr 13 2016, 21:51
Pushed
aubort, Jan 31 2017, 17:16
Parents
rPH99be132ea21e: Allow public users to make intracluster API requests
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH66366137ffa9: Don't apply `security.require-https` to intracluster requests (authored by epriestley <git@epriestley.com>). Apr 13 2016, 21:51