XF 1.2 Check $_SERVER in config.php

MattW

MattW

Well-known member
Basically, I've had a few members trying to access the site via SSL, and they get various errors with scripts being blocked by their browsers due to them being served via the HTTP CDN (such as the RTE not loading).

So, I've put this in config.php (which fixes the issue)
PHP: 
if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')
{
$config['javaScriptUrl'] = 'https://shopz22se.r.worldssl.net/js';
$config['externalDataUrl'] = 'https://shopz22se.r.worldssl.net/data';
} else {
$config['javaScriptUrl'] = 'http://data.z22se.org.uk/js';
$config['externalDataUrl'] = 'http://data.z22se.org.uk/data';
}

Can anyone think of any problems doing that may cause?
 
Sort by date Sort by votes
The only conflict I can possibly think of is a mix of https and normal http could technically trigger a browser warning that some of your content is not secure.

As you SSL Certificate maybe only registered with https
 
Upvote 0 Downvote
Adam Howard said:
The only conflict I can possibly think of is a mix of https and normal http could technically trigger a browser warning that some of your content is not secure.

As you SSL Certificate maybe only registered with https
Click to expand...
I'm not fussed about it warning that some content isn't secure (images etc), it was when loading the editor it was totally blocking it from loading.

upload_2013-10-16_21-7-0.webp

I think you can click the little shield to allow it through, but none of the users new about that (I saw it in Chrome as well).

The SSL is only properly set up for my shop anyway on the same domain.
 
Upvote 0 Downvote
MattW said:
I'm not fussed about it warning that some content isn't secure (images etc), it was when loading the editor it was totally blocking it from loading.

View attachment 59184

I think you can click the little shield to allow it through, but none of the users new about that (I saw it in Chrome as well).

The SSL is only properly set up for my shop anyway on the same domain.
Click to expand...
If you're not worried about it, then as far as I know ... I don't see a problem.

Of course as a word of caution.... Some people see those warnings and assume something isn't right or safe and "run away". Chrome is going to be your biggest issue as I've seen past versuon of Chrome display that full red page on mixed https / http as if your site was somehow dangerous (as least that is the impression it can give)
 
Upvote 0 Downvote
Adam Howard said:
If you're not worried about it, then as far as I know ... I don't see a problem.

Of course as a word of caution.... Some people see those warnings and assume something isn't right or safe and "run away". Chrome is going to be your biggest issue as I've seen past versuon of Chrome display that full red page on mixed https / http as if your site was somehow dangerous (as least that is the impression it can give)
Click to expand...
Cheers Adam, I'm actually just going through all the stuff now so I can actually make it 100% https anyway (just using the shared SSL from the CDN provider)
 
Upvote 0 Downvote
Changed my mind. This should fix the issue with people using SSL and it not loading the editor ;)

Code: 
        # force HTTP
        RewriteCond %{HTTPS} =on
        RewriteRule !^(shop)$ http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
        #
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

Marcus
XF 2.3 How to extend admin session for a week in config.php?
Replies
1
Views
115
Kirby
K
AndyB
Fixed Full Unicode support has been enabled in config.php but your database is not set to support this.
Replies
5
Views
1K
XF Bug Bot
XF Bug Bot
Mr. Jinx
  • Question Question
XF 2.2 Full Unicode support has been enabled in config.php MariaDB 10.6.3
Replies
16
Views
3K
Mr Lucky
Mr Lucky
Cupara
  • Question Question
Do I need to configure more options in config.php for Redis?
Replies
0
Views
2K
Cupara
Cupara
B
  • Locked
Not a bug Setting a CDN in config.php for ExternalUrl , open attachments in a new browser tab
Replies
3
Views
1K
Mike
Mike
Back
Top Bottom