Secured the entire (public) site

Reviews
Diff

- Download Diff

Information
Submitter:	Adrian Budau
Repository:	infoarena
Branch:
Bugs:
Depends On:
Reviewers
Groups:	hackers
People:

Description

Modified the site so that we won't get any warning about insecure content on secured connections. For local clones you also have to modify the ia theme so that the folders aren't prepended with "http://" but with "//". 
The link to do this is : "Configuare" -> "Tema curenta". Go there and modify the 2 folder links.
We can not do this for the administration of the forum(forum admin) because too many hacks would be included. Admins should be okay with this. 

Image Urls are now local so we do not need to keep track of whether they are http or https.
Newsletter tamplates have been changed(on live) so now we can write newsletter using absolute urls and it will work 

Also many lint fixes.

Testing Done

Issues

0
1
0
All Issues: 1

Description	From	Last Updated
Just don't use url_absolute at all.	Bogdan-Cristian Tătăroiu	June 14, 2012, 11:33 p.m.

I hope you tested this on a lot of browsers.
There are some issues with how this is handled so far:

- Newsletters fail because they do not contain absolute urls anymore, we need to render them with absolute urls. Newsletters were the only reason we ever used url_absolute as far as I can tell, so I would say just remove all url_absolutes by default and have something like a global variable that can be set in scripts which forces URLs to be absolute.
- Attachments still have absolute urls, and image urls inside textile are cached, so sometimes you get https images and sometimes you get http.
- Clicking on the login or register buttons automatically redirects you to https (as is correct), but keeps you in https for the remainder of your visit. This may be unwanted behaviour; you need to look at the last page (!= register, login) that the user visited and decide if he was using https or not.

trunk/smf/Themes/default/index.template.php (Diff revision 1)

Show all issues

Just don't use url_absolute at all.

Change Summary:

Removed all the url_absolute(that could have been removed) and occurences of IA_URL.
Fixed newsletters and image attachments in wiki.
The login and register https <-> http changing problem is still not solved, I would rather we have a certificate instead so staying on https will be a good thing.

Description:

		Modified the site so that we won't get any warning about insecure content on secured connections. For local clones you also have to modify the ia theme so that the folders aren't prepended with "http://" but with "//".
~		The link to do this is : "Configuare" -> "Tema curenta". Go there and modify the 2 folder links.
	~	The link to do this is : "Configuare" -> "Tema curenta". Go there and modify the 2 folder links.
	+	We can not do this for the administration of the forum(forum admin) because too many hacks would be included. Admins should be okay with this.

~		We can not do this for the administration of the forum(forum admin) because too many hacks would be included. Admins should be okay with this.
	~	Image Urls are now local so we do not need to keep track of whether they are http or https.
	+	Newsletter tamplates have been changed(on live) so now we can write newsletter using absolute urls and it will work
	+
	+	Also many lint fixes.

Diff:

Revision 2 (+44 -50)

Show changes

	trunk/common/task.php
	trunk/common/db/task.php
	trunk/scripts/setup
	trunk/smf/Themes/default/index.template.php
	trunk/www/url.php
	trunk/www/controllers/attachment.php
	trunk/www/macros/macro_calendar.php
	trunk/www/macros/macro_googledocument.php
	12 more

You have a pending review.

Review Board 2.5.13.1

Screenshots

Files

Issues

Change Summary:

Description:

Diff: