Samuel Georges e3b42b2f10 Make cms.backendForceSecure an explicit setting ... This no longer hinges on app.debug because it creates confusion for devops engineers. This is based on three independent reports coming from app environments that use a reverse proxy. The engineer will follow the proper security instructions by disabling debug mode, which in turn creates an infinite redirect loop when opening the back-end area, only to leave them scratching their heads Ultimately it is the web server configuration's job to handle the enforcement of HTTPS, the app no longer enforces it as a strong opinion, but we still keep the setting available as a convenient security check for standard environments that do not use a reverse proxy		2020-01-18 18:05:26 +11:00
..
AssetMaker.php	Provide system.assets.beforeAddAsset event to modify asset attributes	2019-10-09 11:51:06 -06:00
ConfigMaker.php	Add missing documentation comment blocks for fired events (#4788)	2019-11-24 23:59:00 -06:00
EventEmitter.php	Extract child instructions	2018-08-15 19:25:42 +02:00
PropertyContainer.php	Add backend and notifications settings category	2017-06-05 17:36:44 +10:00
ResponseMaker.php	Add XSRF to backend, simplify CMS controller run() method	2019-11-02 19:14:45 +11:00
SecurityController.php	Make cms.backendForceSecure an explicit setting	2020-01-18 18:05:26 +11:00
ViewMaker.php	Remove unused imports	2018-08-24 19:51:59 +02:00