Fórumok

  1. Nyitólap
  2. Portal
  3. Secure vs Insecure Pages

Secure vs Insecure Pages

c s, módosítva 10 év-val korábban

Secure vs Insecure Pages

New Member Bejegyzések: 8 Csatlakozás dátuma: 2013.09.11. Legújabb bejegyzések
I have a Liferay site that is accessible over https. One of the pages on the site has an iFrame portlet and if I try to open a URL that is only accessible over HTTP in the iframe, I get a security exception, that the page is blocked and should be accessed over https. What I want to do is enable HTTPS for all pages of the portal except the page with iframe portlet. Is there any way out of the box in Liferay to do this? Another option is that I use another domain that is only accessible over HTTP for the iframe page. How can that be achieved?

Thanks
thumbnail
Mika Koivisto, módosítva 10 év-val korábban

RE: Secure vs Insecure Pages

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
It's the browser that is blocking it. It's usually a really bad idea to embed unsecure content with secure.
c s, módosítva 10 év-val korábban

RE: Secure vs Insecure Pages

New Member Bejegyzések: 8 Csatlakozás dátuma: 2013.09.11. Legújabb bejegyzések
I understand it is the browser displaying the error. My question related to Liferay is whether it is possible to set some attribute on a page so that only that page can be accessed over HTTP while the rest of the portal is accessible over HTTPS only? There is a risk if I enable unsecure access for all my pages. I want to restrict it to just that page. I know some of the other CMS solutions can handle that. Is there any such functionality available in Liferay?

Thanks
thumbnail
Mika Koivisto, módosítva 10 év-val korábban

RE: Secure vs Insecure Pages

Liferay Legend Bejegyzések: 1519 Csatlakozás dátuma: 2006.08.07. Legújabb bejegyzések
That has nothing to do with Liferay and everything to do with browser security.
c s, módosítva 10 év-val korábban

RE: Secure vs Insecure Pages

New Member Bejegyzések: 8 Csatlakozás dátuma: 2013.09.11. Legújabb bejegyzések
I understand all the browser security issues. Let me try to clarify one more time what I am asking for from Liferay's perspective.
Here is an example. Let's assume my portal is in domain https://test.com. The portal has several pages and PageY is the one with IFrame portlet. I know that I can enable both http and https on the domain name and it would solve my problem (easy right). However I do not want users to navigate the rest of my portal pages over HTTP. What I want Liferay is to enforce https on all pages in the portal (except one page).
So if user types in the URL for any page other than PageY over http (example http://text.xom/pageX), Liferay should automatically redirect to https://test.com/pageX. Can that be done?

Thanks