Summary | Horde::url and 'use_ssl' difference. |
Queue | Horde Framework Packages |
Queue Version | FRAMEWORK_3 |
Type | Bug |
State | Not A Bug |
Priority | 1. Low |
Owners | |
Requester | fzipi (at) fing (dot) edu (dot) uy |
Created | 04/26/2006 (7115 days ago) |
Due | |
Updated | 04/29/2006 (7112 days ago) |
Assigned | |
Resolved | 04/29/2006 (7112 days ago) |
Github Issue Link | |
Github Pull Request | |
Milestone | |
Patch | No |
State ⇒ Not A Bug
a bug somewhere :)
the configuration. You probably didn't even finish the installation.
great generating 'https' urls, but then if I'm using https already
after login urls are changed to 'http'.
State ⇒ Unconfirmed
Priority ⇒ 1. Low
Type ⇒ Bug
Summary ⇒ Horde::url and 'use_ssl' difference.
Queue ⇒ Horde Framework Packages
What we are trying to achieve is that login on horde (with imp_login)
should be always with 'https' (because of passwords), and then with
session initiated let clients decide if they use ssl on every request
or not.
So, we set on 'horde/conf.php' value '$conf['use_ssl'] = 2;' and on
'horde/imp/login.php' around line 138 we have:
    $formAction = Horde::url('redirect.php', false, -1, true); // true = force_ssl !!!
Documentation on 'conf.php.dist' says:
    // Determines how we generate full URLs (for location headers and
    // such). Possible values are:
    //   0 - Assume that we are not using SSL and never generate https URLS.
    //   1 - Assume that we are using SSL and always generate https URLS.
    //       NOTE: If you do this, you MUST hardcode the correct HTTPS port
    //       number in $conf['server']['port'] below. Otherwise Horde will
    //       be unable to generate correct HTTPS URLs when a user tries to
    //       access Horde via a non-HTTPS port.
    //   2 - Attempt to auto-detect, and generate URLs appropriately.
    $conf['use_ssl'] = 2; // in my case use auto-detection
So it's supposed to generate https urls for login, and then continue
with '$browser->usingSSLConnection()' mainly.
But, when I looked at 'Horde::url', in 'lib/Horde.php', I saw this:
    function url($uri, $full = false, $append_session = 0, $force_ssl = false)
    {
        if ($force_ssl) {
            $full = true;
        }
        if ($full) {
            global $conf, $registry, $browser;
            /* Store connection parameters in local variables. */
            $server_name = $conf['server']['name'];
            $server_port = $conf['server']['port'];
            $protocol = 'http';
            if ($conf['use_ssl'] == 1) {
                $protocol = 'https';
            } elseif ($conf['use_ssl'] == 2 &&
                      $browser->usingSSLConnection()) {
                $protocol = 'https';
            } elseif ($conf['use_ssl'] == 3) {
                $server_port = '';
                if ($force_ssl) {
                    $protocol = 'https';
                }
            }
Well, '$conf['use_ssl'] == 3' is an undocumented feature, or there is
a bug somewhere :)
Also, if I set '$conf['use_ssl'] == 3' on my horde config, works great
generating 'https' urls, but then if I'm using https already after
login urls are changed to 'http'.
I think that
    if ($force_ssl) {
        $protocol = 'https';
    }
on this method should have priority over other things.
Also, documentation must be updated...
Thanks,
Felipe.
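
The report above turns on which scheme the quoted branch picks for each combination of 'use_ssl', the current connection and '$force_ssl'. The following is an added example, not part of the ticket and not Horde's code: it models only the branch quoted from 'lib/Horde.php' (the rest of Horde::url() is not shown on the page) next to the precedence the requester proposes. The function names quotedProtocol() and proposedProtocol() are hypothetical.

```php
<?php
// Added example: models only the protocol branch quoted in the ticket.
// quotedProtocol() and proposedProtocol() are hypothetical names, not Horde functions.

/** Scheme chosen by the quoted branch when a full URL is generated. */
function quotedProtocol(int $useSsl, bool $onSsl, bool $forceSsl): string
{
    $protocol = 'http';
    if ($useSsl == 1) {
        $protocol = 'https';
    } elseif ($useSsl == 2 && $onSsl) {
        $protocol = 'https';
    } elseif ($useSsl == 3) {
        if ($forceSsl) {
            $protocol = 'https';
        }
    }
    return $protocol;
}

/** Same branch with the precedence the requester asks for: force_ssl wins. */
function proposedProtocol(int $useSsl, bool $onSsl, bool $forceSsl): string
{
    return $forceSsl ? 'https' : quotedProtocol($useSsl, $onSsl, false);
}

// Walk every combination and flag the rows that matter for the login form:
// a caller asked for SSL but got http, or an https session is handed an http URL.
printf("%-8s %-7s %-10s %-7s %-9s %s\n",
    'use_ssl', 'on_ssl', 'force_ssl', 'quoted', 'proposed', 'note');
foreach ([0, 1, 2, 3] as $useSsl) {
    foreach ([false, true] as $onSsl) {
        foreach ([false, true] as $forceSsl) {
            $quoted = quotedProtocol($useSsl, $onSsl, $forceSsl);
            $proposed = proposedProtocol($useSsl, $onSsl, $forceSsl);
            $note = '';
            if ($forceSsl && $quoted === 'http') {
                $note = 'force_ssl ignored';
            } elseif ($onSsl && $quoted === 'http') {
                $note = 'https session gets http URL';
            }
            printf("%-8d %-7s %-10s %-7s %-9s %s\n", $useSsl, $onSsl ? 'yes' : 'no',
                $forceSsl ? 'yes' : 'no', $quoted, $proposed, $note);
        }
    }
}
```

With 'use_ssl' = 2 and a login page reached over plain http, the row for force_ssl = yes shows the form action staying on http; with 'use_ssl' = 3, the row for on_ssl = yes and force_ssl = no shows the post-login switch to http described in the report.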