Sometimes the Drupal interface to let you define which paths should be secured is not enough. Let's say for instance that we want to display the page user/[uid] with HTTP and every other path user/* with HTTPS.
With the default UI, you are stuck.

We need a way to alter those data.

CommentFileSizeAuthor
#2 securepages-2646042-alter_secured_paths-2.patch2.1 KBArtusamak
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

Artusamak created an issue. See original summary.

Artusamak’s picture

Artusamak
he/him
Primary language French
Location Bzh
CreditAttribution: Artusamak at Happyculture commented
Status: Active » Needs review
FileSize
securepages-2646042-alter_secured_paths-2.patch2.1 KB

Here is a patch for that.

leopaccanaro’s picture

leopaccanaro CreditAttribution: leopaccanaro at CI&T commented

Doesn't the ignore pages field accomplish this?

If you keep pattern /user/* under HTTPS and list user/3 (for instance) within Ignore pages field, that should reflect as user 3 as the only one not having to forcedly access profile page under HTTPS.

Artusamak’s picture

Artusamak
he/him
Primary language French
Location Bzh
CreditAttribution: Artusamak at Happyculture commented

We can't edit the value each time a user is created.
The ignore pages list isn't dynamic either.

leopaccanaro’s picture

leopaccanaro CreditAttribution: leopaccanaro at CI&T commented

I noticed drupal_alter is within the if ($pages). So, if someone sets the whole site to be under HTTPs hook_securepages_match_alter will not be called. You might want give some warning about this.

Second, your example didn't work for me.

  elseif (preg_match('~^user/~', $path)) {
    $result = TRUE;
  }

Instead of ~^user/~, I tried ~^user$~ and it worked better - both www.domain.com/user and www.domain.com/user/.

Let me know if you want to address any of these so I can review.