6.0.0-beta1
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
10/21/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#3840] Horde::url and 'use_ssl' difference.
*
Your Email Address
*
Spam protection
Enter the letters below:
.__ . ..__ .__.. [__)|\ || \| || | | \||__/|__\|___
Comment
> I'll try to be clear on this one. > > > > What we are trying to achieve is that login on horde (with imp_login) > should be always with 'https' (because of passwords), and then with > session initiated let clients decide if they use ssl on every request > or not. > > > > So, we set on 'horde/conf.php' value '$conf['use_ssl'] = 2;' and on > 'horde/imp/login.php' around line 138 we have: > > > > $formAction = Horde::url('redirect.php', false, -1, true); // true = > force_ssl !!! > > > > Documentation on 'conf.php.dist' says: > > > > // Determines how we generate full URLs (for location headers and > > // such). Possible values are: > > // 0 - Assume that we are not using SSL and never generate https URLS. > > // 1 - Assume that we are using SSL and always generate https URLS. > > // NOTE: If you do this, you MUST hardcode the correct HTTPS port > > // number in $conf['server']['port'] below. Otherwise Horde will > > // be unable to generate correct HTTPS URLs when a user tries to > > // access Horde via a non-HTTPS port. > > // 2 - Attempt to auto-detect, and generate URLs appropriately. > > $conf['use_ssl'] = 2; // in my case use auto-detection > > > > So it's supossed to generate https urls for login, and then continue > with '$browser->usingSSLConnection()' mainly. > > > > But, when I looked at 'Horde::url', in 'lib/Horde.php', I saw this: > > > > function url($uri, $full = false, $append_session = 0, $force_ssl > = false) > > { > > if ($force_ssl) { > > $full = true; > > } > > > > if ($full) { > > global $conf, $registry, $browser; > > > > /* Store connection parameters in local variables. */ > > $server_name = $conf['server']['name']; > > $server_port = $conf['server']['port']; > > > > $protocol = 'http'; > > if ($conf['use_ssl'] == 1) { > > $protocol = 'https'; > > } elseif ($conf['use_ssl'] == 2 && > > $browser->usingSSLConnection()) { > > $protocol = 'https'; > > } elseif ($conf['use_ssl'] == 3) { > > $server_port = ''; > > if ($force_ssl) { > > $protocol = 'https'; > > } > > } > > > > Well, '$conf['use_ssl'] == 3' is an undocumented feature, or there is > a bug somewhere :) > > Also, if I set '$conf['use_ssl'] == 3' on my horde config, works > great generating 'https' urls, but then if I'm using https already > after login urls are changed to 'http'. > > > > I think that > > if ($force_ssl) { > > $protocol = 'https'; > > } > > on this method should have priority over other things. > > Also, documentation must be updated... > > > > Thanks, > > > > Felipe. > >
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers