From 8ecb3ad6ecc8d636fb205895d736108cbc8083a1 Mon Sep 17 00:00:00 2001 From: "mkanat%bugzilla.org" <> Date: Fri, 9 Oct 2009 04:31:08 +0000 Subject: Bug 514913: Eliminate ssl="authenticated sessions" Patch by Max Kanat-Alexander r=dkl, a=mkanat --- Bugzilla/WebService/Server.pm | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'Bugzilla/WebService') diff --git a/Bugzilla/WebService/Server.pm b/Bugzilla/WebService/Server.pm index dfb9f559a..2db182fd4 100644 --- a/Bugzilla/WebService/Server.pm +++ b/Bugzilla/WebService/Server.pm @@ -17,26 +17,12 @@ package Bugzilla::WebService::Server; use strict; -use Bugzilla::Util qw(ssl_require_redirect); sub handle_login { my ($self, $class, $method, $full_method) = @_; eval "require $class"; return if $class->login_exempt($method); Bugzilla->login(); - - # Even though we check for the need to redirect in - # Bugzilla->login() we check here again since Bugzilla->login() - # does not know what the current XMLRPC method is. Therefore - # ssl_require_redirect in Bugzilla->login() will have returned - # false if system was configured to redirect for authenticated - # sessions and the user was not yet logged in. - # So here we pass in the method name to ssl_require_redirect so - # it can then check for the extra case where the method equals - # User.login, which we would then need to redirect if not - # over a secure connection. - Bugzilla->cgi->require_https(Bugzilla->params->{'sslbase'}) - if ssl_require_redirect($full_method); } 1; -- cgit v1.2.3-24-g4f1b