CMS MADE SIMPLE FORGE

CMS Made Simple Core

 
Back Back to List

[#7082] Navigating from HTTPS back to HTTP bug

avatar
Created By: Mitch Austin (mbaustin513)
Date Submitted: Wed Nov 02 18:29:21 -0400 2011

Assigned To:
Version: None
CMSMS Version: 1.10
Severity: Minor
Resolution: Invalid
State: Closed
Summary:
Navigating from HTTPS back to HTTP bug
Detailed Description:
I've noticed that when navigating from a page that uses HTTPS to a page that is
not secured it loads the page that is suppose to be in HTTP in HTTPS.  The
certificate then fails to encrypt the page correctly because some image paths do
not use https.  This causes the certificate to show up partially encrypted. 
Maybe it's me but I have a site running 1.10 on a test server and the same site
running 1.9.4.3 live and the 1.10 has this problem.  All configs are set up
equally and paths are same in all stylesheets/templates.  Any help would be
greatly appreciated.

Thanks!


History

Comments
avatar 
Date: 2011-11-02 18:36
Posted By: Robert Campbell (calguy1000)

The URL in the navigation link dictates wether the browser uses the HTTP or
HTTPS port to load the page.  This has been verified.   You must have something
else (.htaccess rewrite rules for example) getting in the way.
avatar 
Date: 2011-11-02 18:42
Posted By: Mitch Austin (mbaustin513)

My  .htaccess files are the same on both sites except for the rewrite rule
adding the WWW in front of domain. What else could be getting in the way?
avatar 
Date: 2011-11-02 18:54
Posted By: Robert Campbell (calguy1000)

CMSMS uses the 'secure' flag in each content page to determine whether to use
the root_url or the ssl_url from the config.php to build URLS that are provided
to the navigation.

If your navigation link says http:// then the browser will use port 80.  If it
says https://  then it will use port 443 (by default).

If you navigate to a page that is marked as 'secure' using the HTTP protocol,
CMSMS will detect this and then redirect back to the same page using the HTTPS
protocol (based ssl_url in the config.php).

But if you are having a problem with redirecting from a 'secure' page to a 'non
secure' page, and the URL of the destination page says http:// ... then you have
a problem with server configuration or server rewrite rules.  There's nothing
more we can help with....

I suspect you've messed up your config.php, and/or your .htaccess  and/or your
server configuration is a bit messed up... but don't see any evidence of a CMSMS
issue at this time.
avatar 
Date: 2011-11-03 10:28
Posted By: Mitch Austin (mbaustin513)

Okay, I think I found my issue but I still cannot explain it.  When I'm on a
https:// secured page and I click on the logo to take me back to my home page,
it will not break out of https://.  I have the logo coded like this:

<a href="{root_url}">
<img src="uploads/images/template_images/logo.png" alt="Etowah Florist"
/>
 </a>

Now here is the strange part.  My test site is located on a different server and
I have the same duplicated site installed in a "sub-directory" folder, will not
work with the above code.  The live site not in a "sub-directory" works just
fine with {root_url} tag.  To solve this on my test site using the
"sub-directory" I used the following tag:

{cms_selflink dir="start" image="uploads/images/template_images/logo.png"
text="$sitename"}

Can you please provide some insight as to why {root_url} works on one site but
not the other using the sub-directory?

Thanks!
Updates

Updated: 2012-04-13 10:59
state: Open => Closed

Updated: 2011-11-02 18:55
resolution_id: 5 => 9

Updated: 2011-11-02 18:35
resolution_id: => 5
severity_id: 1 => 3