Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

General Questions /

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Problem with base_tag and https


Reply


4 Posts   1753 Views

Avatar
rsouthgate

Community Member, 10 Posts

15 April 2010 at 3:11pm

Hi All,
I'm looking for advice on how to handle an unusual set up. I have a silverstripe site that is supposed to be accessible through both https and http. The site is load balanced and the load balancer handles the ssl decryption and passes all traffic to the apache server as standard http on port 80 for http and another port for https. Some header rewriting takes place to get everything working and most things do!

My problem is that the base tag always starts http which causes a security warning to pop up in IE about unsecured content when the site is viewed over https. Curiously Safari and Firefox don't seem to care - but that's not a problem. So I'm stuck as to how to fix this and I'm looking for suggestions.

One thing I tried was setting base_tag in SSViewer to Director::baseURL rather than Director::absoluteBaseUrl with a config option setting baseURL to "/". Sadly FF3.5 and IE8 + didn't like a relative link here and ignored the base tag, which is fair enough since he spec says the base href must be absolute (Safari didn't care though!).

I have access to header rewrite rules at the load balancer but I cannot rewrite the body... I'm looking at this line in the protocolAndHost method of Director.php:

$s = (isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) ? 's' : '';

and I'm wondering if I can add any headers that will make one of those conditions equate to true even when the traffic is not encrypted.

Avatar
chadws

Community Member, 9 Posts

28 September 2010 at 7:49am

Hopefully you figured this out, but I wanted to post a reply to save others time looking. After doing some reading I found an article where microsoft proxies add a header "Front_End_Http" with a value of "on" if ssl is offoaded to the proxy and "off" if it is not.

I altered my Load Balancer configuration to include this HTTP Header and then modified the Director.php protocol function to as follows:

/**
* Return the current protocol that the site is running under
*
* @return String
*/
static function protocol() {
return ( isset($_SERVER['SSL'])
|| (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
|| (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] != 'on')
) ? 'https://' : 'http://';
}

This will identify the protocol as ssl if the Front_End_Https header is set.

Avatar
chadws

Community Member, 9 Posts

28 September 2010 at 7:55am

typo != 'on' should be == 'on'

/**
* Return the current protocol that the site is running under
*
* @return String
*/
static function protocol() {
return ( isset($_SERVER['SSL'])
|| (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
|| (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] == 'on')
) ? 'https://' : 'http://';
}

Avatar
Willr

Forum Moderator, 5513 Posts

28 September 2010 at 10:30pm

Thanks for investigating this chadws. If you haven't already it might be good to submit this change as a patch to open.silverstripe.org. We can then look to get it integrated into the core so other users won't have such an issue!