> I'd be very happy to commit this, as I have been testing already some
> very similar changes locally as they relate to the AuthProxy branch.
> Just one question: can you let me know a quick test case where the
> changes to RemoteRequest.js are necessary? I am familiar with the
> redirect problems which are fixed by your change to network.js, but
> haven't run into cases where the other fix is needed yet. I'll also
> admit I haven't looked really hard at this point, but I am betting you
> had a case in mind when you made the change.
It is a bit of a sledgehammer. An alternative would be to tweak the
secure flags for the simple_request calls that appear in menu.js,
though that would affect their use in remote xul as well, or make an
alternate entries in constants.js for menu.js to use, or perhaps send
an explicit secure flag through the simple_request invocations.
Some examples of affected actions include Search -> Search for Record
by TCN and Circulation -> Replace Barcode. The non-SSL POST requests
from them would break if Apache was doing aggressive rewriting.
> I'd be very happy to commit this, as I have been testing already some
> very similar changes locally as they relate to the AuthProxy branch.
> Just one question: can you let me know a quick test case where the
> changes to RemoteRequest.js are necessary? I am familiar with the
> redirect problems which are fixed by your change to network.js, but
> haven't run into cases where the other fix is needed yet. I'll also
> admit I haven't looked really hard at this point, but I am betting you
> had a case in mind when you made the change.
It is a bit of a sledgehammer. An alternative would be to tweak the
secure flags for the simple_request calls that appear in menu.js,
though that would affect their use in remote xul as well, or make an
alternate entries in constants.js for menu.js to use, or perhaps send
an explicit secure flag through the simple_request invocations.
Some examples of affected actions include Search -> Search for Record
by TCN and Circulation -> Replace Barcode. The non-SSL POST requests
from them would break if Apache was doing aggressive rewriting.