I have been testing a few things out regarding securing pages (and unsecuring them). Problem My qp based app has a mix of pages that need to be secured and those that don't. Secured in this case simply means https and not necessarily logged in - i.e. user can be anonymous. Usually if the pages that do not require securing get secured as a result of the scheme change to https it does not matter. However, I have some pages that have large content levels and they do not need to be secured and nor should they for performance reasons. In fact I always want them to be unsecured. Solution Create the following new / updated methods on the site's Publisher class: ## code start + def unsecure(self): + ''' If the scheme is not http, + then redirect so that it will be. + ''' + + if get_request().get_scheme() == 'https': + self.redirect( self.complete_url('', unsecure=True) ) def complete_url(self, path, secure=False, unsecure=False): """(path:str, secure:bool=False) -> str Turn path into a complete url to this publisher, changing the scheme to https if secure is True. + And likewise changing the scheme to http if unsecure is True. + If both secure and unsecure are true then the page will be secured - fail safe. """ s = str(path) if not secure and s.startswith('http://'): return s if not unsecure and s.startswith('https://'): return s if secure: host, port = self.get_site().get_https_address() if not host: host = get_request().get_server().split(':')[0] if port == 443: address = str(host) else: address = "%s:%s" % (host, port) base = 'https://%s%s' % (address, get_request().get_path_query()) + elif unsecure: + host, port = self.get_site().get_http_address() + if not host: + host = get_request().get_server().split(':')[0] + if port == 80: + address = str(host) + else: + address = "%s:%s" % (host, port) + base = 'http://%s%s' % (address, + get_request().get_path_query()) else: base = get_request().get_url() return urljoin(base, self.complete_path(s)) ## code end Is this the right way to solve this problem? Tristan