mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 14:00:56 +01:00
Lock "security.require-https" from web edits
Summary: This can be used to lock yourself out of an instance, so prevent web edits. Test Plan: Loaded page, wasn't web-editable. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D8572
This commit is contained in:
parent
3d639f5f98
commit
221222ad7a
1 changed files with 5 additions and 6 deletions
|
@ -52,8 +52,9 @@ final class PhabricatorSecurityConfigOptions
|
|||
"want (to any other string), but doing so will break existing ".
|
||||
"sessions and CSRF tokens.")),
|
||||
$this->newOption('security.require-https', 'bool', false)
|
||||
->setLocked(true)
|
||||
->setSummary(
|
||||
pht("Force users to connect via https instead of http."))
|
||||
pht("Force users to connect via HTTPS instead of HTTP."))
|
||||
->setDescription(
|
||||
pht(
|
||||
"If the web server responds to both HTTP and HTTPS requests but ".
|
||||
|
@ -67,15 +68,13 @@ final class PhabricatorSecurityConfigOptions
|
|||
"balancer which terminates HTTPS connections and you can not ".
|
||||
"reasonably configure more granular behavior there.\n\n".
|
||||
|
||||
"NOTE: Phabricator determines if a request is HTTPS or not by ".
|
||||
"examining the PHP \$_SERVER['HTTPS'] variable. If you run ".
|
||||
"IMPORTANT: Phabricator determines if a request is HTTPS or not ".
|
||||
"by examining the PHP \$_SERVER['HTTPS'] variable. If you run ".
|
||||
"Apache/mod_php this will probably be set correctly for you ".
|
||||
"automatically, but if you run Phabricator as CGI/FCGI (e.g., ".
|
||||
"through nginx or lighttpd), you need to configure your web ".
|
||||
"server so that it passes the value correctly based on the ".
|
||||
"connection type. Alternatively, you can add a PHP snippet to ".
|
||||
"the top of this configuration file to directly set ".
|
||||
"\$_SERVER['HTTPS'] to the correct value."))
|
||||
"connection type."))
|
||||
->setBoolOptions(
|
||||
array(
|
||||
pht('Force HTTPS'),
|
||||
|
|
Loading…
Reference in a new issue