Jump to:

23361 Posts in 18124 Topics by 2862 members

General Questions

SilverStripe Forums » General Questions » Problem with base_tag and https

General questions about getting started with SilverStripe that don't fit in any of the categories above.

Moderators: martimiz, Sean, biapar, Willr, Ingo, swaiba, simon_w

Page: 1
Go to End
Author Topic: 1573 Views
  • rsouthgate
    Avatar
    Community Member
    10 Posts

    Problem with base_tag and https Link to this post

    Hi All,
    I'm looking for advice on how to handle an unusual set up. I have a silverstripe site that is supposed to be accessible through both https and http. The site is load balanced and the load balancer handles the ssl decryption and passes all traffic to the apache server as standard http on port 80 for http and another port for https. Some header rewriting takes place to get everything working and most things do!

    My problem is that the base tag always starts http which causes a security warning to pop up in IE about unsecured content when the site is viewed over https. Curiously Safari and Firefox don't seem to care - but that's not a problem. So I'm stuck as to how to fix this and I'm looking for suggestions.

    One thing I tried was setting base_tag in SSViewer to Director::baseURL rather than Director::absoluteBaseUrl with a config option setting baseURL to "/". Sadly FF3.5 and IE8 + didn't like a relative link here and ignored the base tag, which is fair enough since he spec says the base href must be absolute (Safari didn't care though!).

    I have access to header rewrite rules at the load balancer but I cannot rewrite the body... I'm looking at this line in the protocolAndHost method of Director.php:

    $s = (isset($_SERVER['SSL']) || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')) ? 's' : '';

    and I'm wondering if I can add any headers that will make one of those conditions equate to true even when the traffic is not encrypted.

  • chadws
    Avatar
    Community Member
    9 Posts

    Re: Problem with base_tag and https Link to this post

    Hopefully you figured this out, but I wanted to post a reply to save others time looking. After doing some reading I found an article where microsoft proxies add a header "Front_End_Http" with a value of "on" if ssl is offoaded to the proxy and "off" if it is not.

    I altered my Load Balancer configuration to include this HTTP Header and then modified the Director.php protocol function to as follows:

    /**
    * Return the current protocol that the site is running under
    *
    * @return String
    */
    static function protocol() {
    return ( isset($_SERVER['SSL'])
    || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
    || (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] != 'on')
    ) ? 'https://' : 'http://';
    }

    This will identify the protocol as ssl if the Front_End_Https header is set.

  • chadws
    Avatar
    Community Member
    9 Posts

    Re: Problem with base_tag and https Link to this post

    typo != 'on' should be == 'on'

    /**
    * Return the current protocol that the site is running under
    *
    * @return String
    */
    static function protocol() {
    return ( isset($_SERVER['SSL'])
    || (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
    || (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && $_SERVER['HTTP_FRONT_END_HTTPS'] == 'on')
    ) ? 'https://' : 'http://';
    }

  • Willr
    Avatar
    Forum Moderator
    5483 Posts

    Re: Problem with base_tag and https Link to this post

    Thanks for investigating this chadws. If you haven't already it might be good to submit this change as a patch to open.silverstripe.org. We can then look to get it integrated into the core so other users won't have such an issue!

    1573 Views
Page: 1
Go to Top

Want to know more about the company that brought you SilverStripe? Then check out SilverStripe.com

Comments on this website? Please give feedback.