1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.2 Check $_SERVER in config.php

Discussion in 'XenForo Questions and Support' started by MattW, Oct 16, 2013.

  1. MattW

    MattW Well-Known Member

    Basically, I've had a few members trying to access the site via SSL, and they get various errors with scripts being blocked by their browsers due to them being served via the HTTP CDN (such as the RTE not loading).

    So, I've put this in config.php (which fixes the issue)
    PHP:
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
    {
    $config['javaScriptUrl'] = 'https://shopz22se.r.worldssl.net/js';
    $config['externalDataUrl'] = 'https://shopz22se.r.worldssl.net/data';
    } else {
    $config['javaScriptUrl'] = 'http://data.z22se.org.uk/js';
    $config['externalDataUrl'] = 'http://data.z22se.org.uk/data';
    }
    Can anyone think of any problems doing that may cause?
     
    Adam Howard likes this.
  2. Adam Howard

    Adam Howard Well-Known Member

    The only conflict I can possibly think of is a mix of https and normal http could technically trigger a browser warning that some of your content is not secure.

    As you SSL Certificate maybe only registered with https
     
  3. MattW

    MattW Well-Known Member

    I'm not fussed about it warning that some content isn't secure (images etc), it was when loading the editor it was totally blocking it from loading.

    upload_2013-10-16_21-7-0.png

    I think you can click the little shield to allow it through, but none of the users new about that (I saw it in Chrome as well).

    The SSL is only properly set up for my shop anyway on the same domain.
     
  4. Adam Howard

    Adam Howard Well-Known Member

    If you're not worried about it, then as far as I know ... I don't see a problem.

    Of course as a word of caution.... Some people see those warnings and assume something isn't right or safe and "run away". Chrome is going to be your biggest issue as I've seen past versuon of Chrome display that full red page on mixed https / http as if your site was somehow dangerous (as least that is the impression it can give)
     
  5. MattW

    MattW Well-Known Member

    Cheers Adam, I'm actually just going through all the stuff now so I can actually make it 100% https anyway (just using the shared SSL from the CDN provider)
     
    Adam Howard likes this.
  6. MattW

    MattW Well-Known Member

    Should be all done ;)
     
  7. MattW

    MattW Well-Known Member

    Damn! Smilies!!!
     
  8. MattW

    MattW Well-Known Member

    Changed my mind. This should fix the issue with people using SSL and it not loading the editor ;)

    Code:
            # force HTTP
            RewriteCond %{HTTPS} =on
            RewriteRule !^(shop)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
            #
     
    Adam Howard likes this.

Share This Page