firegento-magesetup
firegento-magesetup copied to clipboard
Notification about https requirement [DSGVO|GDPR]
Uses parts of https://github.com/ikonoshirt/StrictTransportSecurity to compare insecure/base_url and secure/base_url and renders a backend warning about https:// requirement.
jonas and carsten (maxcluster) create a proof of concept for the open question: if varnish SSL offloading is used and both urls are configured to be https:// do we end up in a redirect-loop?
we tested this out and using https for both secure and unsecure url is fine as magento is correctly detecting this when the OFFLOADING headers are set up correctly