SSL and NON SSL Pages

Permalink 1 user found helpful
Could anyone explain in-depth on how hard it would be to get this to work. We have a client that wants a c5 site and I need to figure out how the SSL and NON-SSL pages will work together. If anyone has any inside on how this works please let me know.

bryanlewis
View Replies:
ryan replied on at Permalink Reply
ryan
If you set redirect to base url to false, the site should render on whatever url it's requested on.

so,http://yoursite.com would work the same as:
http://yoursite.com

If you wanted to require your site to be on ssl, you could not set the redirect to base url config and just set your base url to:
http://yoursite.com

<?php define('REDIRECT_TO_BASE_URL', false); ?>
frz replied on at Permalink Reply
frz
Is it the hour of the morning, or did you mean https:// in some of those?


are we sure all the corners work? flash uploader.. etc? it's been a few versions since we had to do this ourselves.
jgarcia replied on at Permalink Reply
jgarcia
here's my thoughts on this...similar to Ryan's (make sure redirect to base url=false), but if you wanted to require SSL on certain pages, you could create a page type with the following code at the top:

<?php
if ($_SERVER['HTTPS'] != 'on') {
  header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
?>


I'm not 100% sure that this would work, as php headers might have already been sent by the type this code executes. In that case, a controller would need to be created for the page type with this same code in it.

I know there's a million other "important" feature requests, but it might be useful to have a page attribute in the core called "Require SSL" and let the core handle redirecting to SSL. Just a thought...probably not too high of priority.
jgarcia replied on at Permalink Reply
jgarcia
looks like the code in my previous post is getting kinda messed up when it is being rendered. here's a non-coded version that will hopefully show up okay...

<?php
if ($_SERVER['HTTPS'] != 'on') {
header('location:https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
}
?>
jgarcia replied on at Permalink Reply
jgarcia
btw...any thoughts from the core team on this? i wouldn't want to overstep or re-create anything that might already exist or be in the works for this (esp. with the e-commerce package i know you guys are working on).
frz replied on at Permalink Reply
frz
Ryan's a proud member of the core team.. I actually just asked him how long this would take for a hosting client. We agreed to budget 3 hours for debugging corners (will those flash uploaders work?) but we don't see a major hurdle here...

again its been a few versions since we've done this... i imagine picnik will die.. etc.
jgarcia replied on at Permalink Reply
jgarcia
yo ryan - hope i didn't seem to ignore the fact that you were on the core team and had already commented...i just wanted to make sure that there wasn't something else out there that already existed beyond what was already discussed related to redirecting only certain pages to SSL...
kstrange replied on at Permalink Reply
kstrange
Has this ever been resolved? Does anyone know how to make pretty urls function with ssl? If I can access a page thru either http or https then how do you get index.php to work within the https url ?
Mnkras replied on at Permalink Reply
Mnkras
this is over a year old, take a look at the free ssl addon in the Marketplace
kstrange replied on at Permalink Reply
kstrange
I have, and it doesn't seem to do anything worthwhile - I have to manually decide which pages should be ssl, then I still need to hack the menus - and it doesn't resolve the problem with existing links on a page as they all revert to https as well.

Am I missing something?