• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.2 Check $_SERVER in config.php

MattW

Well-known member
#1
Basically, I've had a few members trying to access the site via SSL, and they get various errors with scripts being blocked by their browsers due to them being served via the HTTP CDN (such as the RTE not loading).

So, I've put this in config.php (which fixes the issue)
PHP:
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
{
$config['javaScriptUrl'] = 'https://shopz22se.r.worldssl.net/js';
$config['externalDataUrl'] = 'https://shopz22se.r.worldssl.net/data';
} else {
$config['javaScriptUrl'] = 'http://data.z22se.org.uk/js';
$config['externalDataUrl'] = 'http://data.z22se.org.uk/data';
}
Can anyone think of any problems doing that may cause?
 

Adam Howard

Well-known member
#2
The only conflict I can possibly think of is a mix of https and normal http could technically trigger a browser warning that some of your content is not secure.

As you SSL Certificate maybe only registered with https
 

MattW

Well-known member
#3
The only conflict I can possibly think of is a mix of https and normal http could technically trigger a browser warning that some of your content is not secure.

As you SSL Certificate maybe only registered with https
I'm not fussed about it warning that some content isn't secure (images etc), it was when loading the editor it was totally blocking it from loading.

upload_2013-10-16_21-7-0.png

I think you can click the little shield to allow it through, but none of the users new about that (I saw it in Chrome as well).

The SSL is only properly set up for my shop anyway on the same domain.
 

Adam Howard

Well-known member
#4
I'm not fussed about it warning that some content isn't secure (images etc), it was when loading the editor it was totally blocking it from loading.

View attachment 59184

I think you can click the little shield to allow it through, but none of the users new about that (I saw it in Chrome as well).

The SSL is only properly set up for my shop anyway on the same domain.
If you're not worried about it, then as far as I know ... I don't see a problem.

Of course as a word of caution.... Some people see those warnings and assume something isn't right or safe and "run away". Chrome is going to be your biggest issue as I've seen past versuon of Chrome display that full red page on mixed https / http as if your site was somehow dangerous (as least that is the impression it can give)
 

MattW

Well-known member
#5
If you're not worried about it, then as far as I know ... I don't see a problem.

Of course as a word of caution.... Some people see those warnings and assume something isn't right or safe and "run away". Chrome is going to be your biggest issue as I've seen past versuon of Chrome display that full red page on mixed https / http as if your site was somehow dangerous (as least that is the impression it can give)
Cheers Adam, I'm actually just going through all the stuff now so I can actually make it 100% https anyway (just using the shared SSL from the CDN provider)
 

MattW

Well-known member
#8
Changed my mind. This should fix the issue with people using SSL and it not loading the editor ;)

Code:
        # force HTTP
        RewriteCond %{HTTPS} =on
        RewriteRule !^(shop)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        #