[OPEN-ILS-DEV] Fixing the mixed-content warnings in My Account
Mike Rylander
mrylander at gmail.com
Tue Jun 2 08:25:20 EDT 2009
On Fri, May 29, 2009 at 11:10 AM, Jeff Godin <jeff at tcnet.org> wrote:
> I had a few discussions with people at eg09 regarding this, and I'm
> glad that Dan brought it up!
>
> Inspired by both ideas in this thread, I tried something else. Seems
> to work here.
>
> The following suggested patch should fix the mixed content warnings
> "out of the box" without breaking sites that use static servers for
> CSS and Javascript.
>
> This sets OILS_PROTOCOL based on the environment variable HTTPS (which
> Apache sets to "on" for https:// requests).
>
> Thus, a page loaded via https:// gets https:// urls, and a page loaded
> via http:// gets http:// urls.
>
> To accommodate sites with static servers that can not support https,
> there's a new OILS_OPAC_STATIC_PROTOCOL variable in eg_vhost.conf
> which can be set to "http" to force JS/CSS to be loaded over http://
> (you'll get the same warnings that you got before).
>
> Not addressed yet: OILS_OPAC_IMAGES_HOST, or Craftsman.
>
Have you looked as the cost of addressing these? If those can be
taken care of in short order, I think this is the right way to go
short-term, because it's less overall change the the code than and
other options.
> If I'm on the right track here, I'd also like to add the ability for
> sites with static servers that have no https support on the static
> servers to fall back to loading JS/CSS from the https servers -- some
> performance loss, but allows them to avoid the mixed-content warnings
> also.
>
> Feedback? Testing from someone with a static server setup?
>
I'll see if we can get this tested soon. Thanks Jeff!
--
Mike Rylander
| VP, Research and Design
| Equinox Software, Inc. / The Evergreen Experts
| phone: 1-877-OPEN-ILS (673-6457)
| email: miker at esilibrary.com
| web: http://www.esilibrary.com
More information about the Open-ils-dev
mailing list