XF 1.3 Problems implementing SSL

Sort by date Sort by votes
If the base href is detecting as http, that would indicate that either the server running PHP wasn't hit with HTTPS (such as if you're using a load balancer/reverse proxy setup) or that there was no environment variable set to indicate this.

XF expects $_SERVER['HTTPS'] = 'on' to be set (standard in Apache, commonly added in Nginx). You could explicitly set it in config.php if needed.
 
Upvote 0 Downvote
I may have been hasty in calling it a bug. It's more like what Mike has said where it just doesn't pass that, which isn't necessarily incorrect.

There's a way to pass the variable if PHP is used as fastcgi, but that may not be applicable to you.

Mike said:
You could explicitly set it in config.php if needed.
Click to expand...
We've done this for now.

There's a small issue this introduces with Gravatar though Mike.

PHP: 
return (XenForo_Application::$secure ? 'https://secure' : 'http://www')
    . ".gravatar.com/avatar/{$md5}?s={$size}{$default}";

$secure is set when Zend Framework is initialised I think, before the config.php file is looked at so it gets the original NULL value.

I've overridden that Gravatar code to force https://secure. for now.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

MattW
  • Solved
Implementing MySQLi SSL
Replies
19
Views
1K
ClubRunner
ClubRunner
Earl
  • Solved
XF 2.2 help with implementing new XenForo content vote system to an add-on, build link, route
Replies
1
Views
707
Jeremy P
Jeremy P
SFFNetwork
  • Question Question
XF 2.1 Best practice for implementing banner and permissions for "new users"?
Replies
4
Views
455
SFFNetwork
SFFNetwork
DroidOne
XF 1 Help with implementing mobile ads in Xenforo
Replies
1
Views
437
DroidOne
DroidOne
P
How To Implement SSL To Secure HTTP Traffic (HTTPS)
3 4 5
Replies
99
Views
37K
Paul B
P
Back
Top Bottom