if a cert is configured and a secure port is live it will set the
redirect flag in http-config.state.
When it gets a ++request it will return a 301 redirect to
https://[host]/[path] if:
1. not already secure
2. redirect flag set
3. secure port live
4. is not requesting /.well-known/acme-challenge/...
5. the host is in domains.state
It will not happen if forwarded-secured, localhost, local loopback, ip
addresses or domains not in domains.state.
in ++load it checks the secure port is live and a cert is set and
enables it if so (for people who already use in-urbit letencrypt)
%rule %cert tasks also toggle it (only turning it on if secure port
live)
%live tasks also toggle it (only turning it on if cert set)
Have tested with a couple of ships and seems to work fine.
This is useful in combination with pyry's auto arvo.network dns config
system - can finally get rid of reverse proxies entirely.
+sign:schnorr crashes on `=(0 sk)`, so the bounds checking code is not
exercised for sk=0. It also crashes on `(gte sk n.domain.c)`, which is
redundant with the size check on sk, so we remove that.
The previous value—used for testing—didn't consider
block reorgs, which meant that if we zoom to the latest
block that has no transactions, but that gets later replaced
by a 1-block reorg that does have a transaction, we'll miss it,
making our Azimuth state incomplete.
To fix it, we rewind the Azimuth state to the contents of the snapshot,
and then start retrieving logs from the latest one we have.
No mark files exist for any of the drum marks, so trying to poke remote drums
would fail anyway, but relying on the mark system in that way seems a bit
fragile, so we add an explicit permission check.
No mark files exist for any of the helm marks (except `%helm-hi`), so trying to
poke remote helms would fail anyway, but relying on the mark system in that way
seems a bit fragile, so we add an explicit permission check.
* master:
[nix] track nixos-21.11 branch whenever niv updates, bump to include qemu-in-virtualization fix
webterm: v1.0.0
herm: permission checks
herm: avoid trailing empty path segments
pmnsh: update secp256k1 configure flags
secp256k1: use nixpkgs provided secp256k1 and add to sources-pmnsh
webterm: remove border, let term live in page
theme: cleaning up a few mismatches
webterm: handle old-style blits and belts
build: correct lmdb static builds
build: explicitly override h2o build platforms to support darwin
ci: upgrade cachix/install-nix-action from v13 -> v16
build: remove haskell related nix code and haskell.nix dependency
webterm: update imports
@urbit/api: move term types
webterm: fix broken imports
webterm: update package name for lerna
webterm: commit missing api files
webterm: backport