Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Q&A

Comments on "Confirm my account" link shows as https in development

Post

"Confirm my account" link shows as https in development Question

+1
−0

As instructed in the "Create administrator account" section of the QPixel Installation guide I created a second new user through the user interface (clicking "Sign Up") in my local development instance of QPixel. I then visited http://localhost:3000/letter_opener in order to see the registration email containing the "Confirm my account" link. However, clicking on that link gave me an error page in Firefox:

SSL received a record that exceeded the maximum permissible length

It turned out that this was because the link started with https instead of http. Fixing this resulted in the page loading correctly and displaying:

Your email address has been successfully confirmed

Is this evidence of something incorrect about my local development instance? If not, is this something everyone has to do when confirming an email address in development for QPixel? If so, would it be useful to have the code check whether we are in development and display an http link instead of an https link in that case? Would this cause any problems or risks?

History
Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

1 comment thread

Dev vs prod (4 comments)
Dev vs prod
Monica Cellio‭ wrote over 1 year ago

If production systems are supposed to use https (I don't know if that's the case), then instead of the code trying to detect dev vs. prod (can it know?), I'd rather update the instructions for dev to say "change that".

trichoplax‭ wrote over 1 year ago · edited over 1 year ago

In production it needs to be https for security, so that only the signed in user can save things in their own name.

QPixel is already set up to detect when it is in development (for example, it displays "This site is in development mode" as a banner at the top of the page), so the option is there to vary behaviour between development and production. I'm just not sure whether there's a reason to avoid this particular variation.

Monica Cellio‭ wrote over 1 year ago

Oh yeah, you're right -- that banner was right there and I still forgot about it.

trichoplax‭ wrote over 1 year ago

That's the trouble with things that are always present - they stop standing out...