XF 1.3 Problems implementing SSL

Sort by date Sort by votes
If the base href is detecting as http, that would indicate that either the server running PHP wasn't hit with HTTPS (such as if you're using a load balancer/reverse proxy setup) or that there was no environment variable set to indicate this.

XF expects $_SERVER['HTTPS'] = 'on' to be set (standard in Apache, commonly added in Nginx). You could explicitly set it in config.php if needed.
 
Upvote 0 Downvote
I may have been hasty in calling it a bug. It's more like what Mike has said where it just doesn't pass that, which isn't necessarily incorrect.

There's a way to pass the variable if PHP is used as fastcgi, but that may not be applicable to you.

Mike said:
You could explicitly set it in config.php if needed.
Click to expand...
We've done this for now.

There's a small issue this introduces with Gravatar though Mike.

PHP: 
return (XenForo_Application::$secure ? 'https://secure' : 'http://www')
    . ".gravatar.com/avatar/{$md5}?s={$size}{$default}";

$secure is set when Zend Framework is initialised I think, before the config.php file is looked at so it gets the original NULL value.

I've overridden that Gravatar code to force https://secure. for now.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

I
  • Question Question
XF 2.2 IPS4 Importer Attachment error
Replies
1
Views
597
Ichirou
I
mattrogowski
Confusing app_api_validate_request event behaviour
Replies
0
Views
331
mattrogowski
mattrogowski
Digital Jedi
  • Question Question
str_replace(array) Not Working as Expected with CSS File
Replies
1
Views
360
Digital Jedi
Digital Jedi
Vercingetorix
Activity Summary emails are the digital equivalent of junk mail.
Replies
3
Views
1K
Vercingetorix
Vercingetorix
L
  • Question Question
XF 2.2 Thread creation API suddenly doesn't work
Replies
4
Views
412
lpickup
L
Top Bottom