[OPEN-ILS-DEV] Fixing the mixed-content warnings in My Account

Jeff Godin jeff at tcnet.org
Fri May 29 11:10:35 EDT 2009 

I had a few discussions with people at eg09 regarding this, and I'm
glad that Dan brought it up!

Inspired by both ideas in this thread, I tried something else. Seems
to work here.

The following suggested patch should fix the mixed content warnings
"out of the box" without breaking sites that use static servers for
CSS and Javascript.

This sets OILS_PROTOCOL based on the environment variable HTTPS (which
Apache sets to "on" for https:// requests).

Thus, a page loaded via https:// gets https:// urls, and a page loaded
via http:// gets http:// urls.

To accommodate sites with static servers that can not support https,
there's a new OILS_OPAC_STATIC_PROTOCOL variable in eg_vhost.conf
which can be set to "http" to force JS/CSS to be loaded over http://
(you'll get the same warnings that you got before).

Not addressed yet: OILS_OPAC_IMAGES_HOST, or Craftsman.

If I'm on the right track here, I'd also like to add the ability for
sites with static servers that have no https support on the static
servers to fall back to loading JS/CSS from the https servers -- some
performance loss, but allows them to avoid the mixed-content warnings
also.

Feedback? Testing from someone with a static server setup?

-jeff
-------------- next part --------------

Developer's Certificate of Origin 1.1

By making a contribution to this project, I certify that:

(a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or

(b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or

(c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.

(d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.

Signed-off-by: Jeff Godin <jeff at tcnet.org> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-https-mixed-content.diff
Type: text/x-diff
Size: 2250 bytes
Desc: not available
Url : http://libmail.georgialibraries.org/pipermail/open-ils-dev/attachments/20090529/9af3b9f5/attachment.diff

More information about the Open-ils-dev mailing list