EPrints Technical Mailing List Archive

Message: #06887

< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

Re: [EP-tech] Any issues under SSL?

I've seen this too.

I wonder whether updating [EPRINTS_ROOT]/archives/[ARCHIVEID]/cfg/cfg.d/epm.pl to set the base URL of the Bazaar to be https would help?


On a related note, EPrints 3.3.10, over https, the fileicons are served over http (EPrints::DataObj::Document::icon_url check for $session->{preparing_static_page}, and uses http_url to construct the URL).


One way to resolve this is to unset $c->{host}, and just have $c->{securehost} set - but I'm not sure if this introduces other issues.


Anyone else got a better resolution for this? (I know issuing an HSTS header would solve it in practical terms, but I'd like EPrint to emit the right URL anyway).





From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounces@ecs.soton.ac.uk] On Behalf Of David R Newman
Sent: 19 October 2017 09:12
To: eprints-tech@ecs.soton.ac.uk
Subject: Re: [EP-tech] Any issues under SSL?


Hi Alan,

Yes, I see this issue to when I click on the Available tab and it loads things through from the Bazaar.  bazaar.eprints.org is fully SSL enabled, so it should be possible to fix a file somewhere on your local repository.  I am not sure which file yet.  However, when I do I will get back to you and also submit a patch so other can fix this.  It looks like it is probably a one liner.


David Newman

EPrints Services

On 19/10/2017 08:54, Alan.Stiles wrote:

Hi all,

For anyone running under SSL, do you have any errors flagged about mixed content when using the bazaar?  My test setup complains that the verb images (e.g. ‘One-click Install’ or ‘for data’) are all coming from http://bazaar.eprints.org.  Have you implemented a local fix or just ignore it as it only really affects you?




-- The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England & Wales and a charity registered in Scotland (SC 038302). The Open University is authorised and regulated by the Financial Conduct Authority in relation to its secondary activity of credit broking.

*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/
*** EPrints developers Forum: http://forum.eprints.org/