https links for www_root and static_root links on secure pages

jesse.glaves · January 7, 2015 5:38pm

I just installed a secure certificate on our website, and I'm wondering what the recommended method for working with secure pages with static_root and www_root links in the template is? I was hoping that the site would dynamically switch these links to https when a secure page is requested. Hopefully that makes sense. Let me know if I need to clarify. Any help is appreciated, thanks.

timbuckingham · January 7, 2015 5:39pm

Call $cms->makeSecure() in your template and it will rewrite images, javascript, and CSS includes so they are served over HTTPS.

jesse.glaves · January 7, 2015 5:43pm

Thanks Tim. I figured there would be something like that available. Would you recommend checking the URL to see if the page is requested securely, and then call $cms->makeSecure() if that's the case?

jesse.glaves · January 7, 2015 5:57pm

Nevermind, I'll probably just call it on pages that I know need to be secure.

timbuckingham · January 7, 2015 6:22pm

$cms->makeSecure() will automatically redirect to the https:// version of the URL if that page is accessed from http://, so you won't need to check for it.

jesse.glaves · January 8, 2015 1:38pm

I just gave it a try. I was hoping for something that would convert the www_root and static_root references in my templates to https links instead of http links so I don't have insecure content, but it doesn't appear to do that.

jesse.glaves · January 8, 2015 1:41pm

I could just make the resource links in my templates relative links, but then I lose the benefit of using the static_root and www_root shortcodes in my templates.

timbuckingham · January 8, 2015 1:46pm

Hm, strange -- can you provide me with a link to one of the pages that $cms->makeSecure() was called on? It's possible that the regex is failing for some reason and not rewriting the URIs properly (I'm not very good at regex!).

jesse.glaves · January 8, 2015 2:04pm

I changed to relative links and it worked, but I've put the shortcodes back in for you to check out:

https://www.kpc.alaska.edu/about/giving/give

jesse.glaves · January 8, 2015 2:06pm

<?
$cms->makeSecure();
?>

<? include "../templates/layouts/_topshelf.php" ?>

<div class="row outercontent">

<div class="desktop-full tablet-full mobile-full">

<?
include '../templates/layouts/_breadcrumbs.php';
?>

<div class="content">

<? if ($teaser) { ?>
<blockquote><?=$teaser?></blockquote>
<? } ?>

Content

<div class="margin_m"></div>

</div>

</div>

</div>
</div>

timbuckingham · January 8, 2015 2:08pm

Hm, very strange -- I manually ran the regex replacements and it properly updated to pull from https://. Not sure what's going on unfortunately.

It occurs in /core/router.php on line 400:

// If we're in HTTPS, make sure all Javascript, images, and CSS are pulling from HTTPS
if ($cms->Secure) {
	// Replace CSS includes
	$bigtree["content"] = preg_replace_callback('/<link [^>]*href="([^"]*)"/',create_function('$matches','
		return str_replace(\'href="http://\',\'href="https://\',$matches[0]);
	'),$bigtree["content"]);
	// Replace script and image tags.
	$bigtree["content"] = str_replace('src="http://','src="https://',$bigtree["content"]);
}

You could check if that condition is being ignored for some reason.

jesse.glaves · January 8, 2015 2:11pm

I'm still on 4.1 by the way. Maybe this code was not included yet? I don't see it in /core/router.php. Any problems with adding it in there on this version?

timbuckingham · January 8, 2015 2:14pm

That's quite odd, makeSecure has existed since 4.0 and I see it in 4.1 as well here:
https://github.com/bigtreecms/BigTree-C … r.php#L400

Have you done any customizing of the router?

jesse.glaves · January 8, 2015 2:16pm

I don't think I've made any changes to core.

timbuckingham · January 8, 2015 2:18pm

Can you email me your copy of /core/router.php? Curious what's going on there

jesse.glaves · January 8, 2015 2:18pm

My mistake. It's in there.

jesse.glaves · January 8, 2015 2:26pm

Sent

jesse.glaves · January 23, 2015 3:50pm

For reference, this issue was caused by the existence of a $cms object that I created in another included template file. From what I understand, there is never really a need to manually create the $cms object, as all pages should inherit the $cms class, so I removed the object, and everything is happy.

Discussion Forum

BigTree CMS Discussion Forum

#1 January 7, 2015 5:38pm

https links for www_root and static_root links on secure pages

#2 January 7, 2015 5:39pm

Re: https links for www_root and static_root links on secure pages

#3 January 7, 2015 5:43pm

Re: https links for www_root and static_root links on secure pages

#4 January 7, 2015 5:57pm

Re: https links for www_root and static_root links on secure pages

#5 January 7, 2015 6:22pm

Re: https links for www_root and static_root links on secure pages

#6 January 8, 2015 1:38pm

Re: https links for www_root and static_root links on secure pages

#7 January 8, 2015 1:41pm

Re: https links for www_root and static_root links on secure pages

#8 January 8, 2015 1:46pm

Re: https links for www_root and static_root links on secure pages

#9 January 8, 2015 2:04pm

Re: https links for www_root and static_root links on secure pages

#10 January 8, 2015 2:06pm

Re: https links for www_root and static_root links on secure pages

#11 January 8, 2015 2:08pm

Re: https links for www_root and static_root links on secure pages

#12 January 8, 2015 2:11pm

Re: https links for www_root and static_root links on secure pages

#13 January 8, 2015 2:14pm

Re: https links for www_root and static_root links on secure pages

#14 January 8, 2015 2:16pm

Re: https links for www_root and static_root links on secure pages

#15 January 8, 2015 2:18pm

Re: https links for www_root and static_root links on secure pages

#16 January 8, 2015 2:18pm

Re: https links for www_root and static_root links on secure pages

#17 January 8, 2015 2:26pm

Re: https links for www_root and static_root links on secure pages

#18 January 23, 2015 3:50pm

Re: https links for www_root and static_root links on secure pages

Board footer