Force HTTPS on HttpLoader #297

filip26 opened this issue Dec 5, 2023 · 4 comments
Labels
enhancement New feature or request

Comments

@filip26
Owner

filip26 commented Dec 5, 2023

Is your feature request related to a problem? Please describe.
HttpLoader does not distinguish between http and https.

Describe the solution you'd like

HttpLoader.defaultInstance().httpsOnly()

Describe alternatives you've considered
Wrapping custom DocumentLoader enforcer. e.g. SchemeRouter

@filip26 filip26 added this to the 1.4.0 milestone Dec 5, 2023
@skodapetr
Contributor

Could we just remove "http" from SchemaRouter to get the same effect, that is to disable http?

@filip26
Owner Author

filip26 commented Dec 18, 2023

@skodapetr that's not the same as allowing it to be enforced, e.g. you can pass DefaultHttpLoader directly as a document loader; there is no need to wrap it in SchemaRouter if you don't intend to support more protocols.

@skodapetr
Contributor

So the idea is to add a "switch" httpsOnly to DefaultHttpLoader. When switched on, every http request is replaced with an https request. Is that correct?

Should there be a method to turn this back off?

@filip26
Owner Author

filip26 commented Dec 18, 2023

> So the idea is to add a "switch" httpsOnly to DefaultHttpLoader. When switch on, every http request is replaced with https request. Is that correct?

That's one option. I'm thinking about extending the HttpClient interface with a new getter/setter.

 setHttpsPolicy(Optional|Required|Enforced);

Optional - same as now, both http and https get through
Required - http requests are rejected, an exception is thrown
Enforced - http requests are rewritten to https

@filip26 filip26 added the enhancement New feature or request label Jan 24, 2024
@filip26 filip26 removed this from the 1.4.0 milestone Feb 26, 2024
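
The three policy values proposed in the last comment, sketched as an added example (not Titanium's code or API; `HttpsPolicy` and `apply` are hypothetical names, and dropping an explicit port 80 on rewrite is an assumption):

```java
import java.net.URI;

// Added example: HttpsPolicy and apply() are hypothetical names, not Titanium's API.
public final class HttpsPolicyExample {

    enum HttpsPolicy { OPTIONAL, REQUIRED, ENFORCED }

    /** Returns the URI to fetch under the policy, or throws if the policy rejects it. */
    static URI apply(HttpsPolicy policy, URI uri) {
        String scheme = uri.getScheme();
        // Schemes are case-insensitive (RFC 3986): "HTTP://..." must not slip through.
        if (scheme == null || !scheme.equalsIgnoreCase("http")) {
            return uri; // https and non-HTTP schemes are outside this policy's scope
        }
        if (policy == HttpsPolicy.OPTIONAL) {
            return uri;
        }
        if (policy == HttpsPolicy.REQUIRED) {
            throw new IllegalArgumentException("Plain http is not allowed: " + uri);
        }
        // ENFORCED: rebuild from raw (still percent-encoded) parts so nothing is re-encoded.
        if (uri.getHost() == null) {
            throw new IllegalArgumentException("Cannot rewrite URI without a host: " + uri);
        }
        StringBuilder out = new StringBuilder("https://");
        if (uri.getRawUserInfo() != null) out.append(uri.getRawUserInfo()).append('@');
        out.append(uri.getHost());
        // Assumption: explicit port 80 is dropped so the https default applies;
        // any other explicit port is kept as written.
        if (uri.getPort() != -1 && uri.getPort() != 80) out.append(':').append(uri.getPort());
        if (uri.getRawPath() != null) out.append(uri.getRawPath());
        if (uri.getRawQuery() != null) out.append('?').append(uri.getRawQuery());
        if (uri.getRawFragment() != null) out.append('#').append(uri.getRawFragment());
        return URI.create(out.toString());
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        URI ctx = URI.create("HTTP://example.org:80/contexts/a%2Fb.jsonld?x=1");
        System.out.println(apply(HttpsPolicy.OPTIONAL, ctx));
        System.out.println(apply(HttpsPolicy.ENFORCED, ctx));
        System.out.println(apply(HttpsPolicy.ENFORCED, URI.create("http://example.org:8080/a")));
        try {
            apply(HttpsPolicy.REQUIRED, ctx);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A check like this only covers the URI it is handed, so a loader that follows redirects needs to apply it to every hop, otherwise an https document can still redirect to plain http.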