[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Any issues under SSL?

Subject: [EP-tech] Any issues under SSL?
From: J.Salter at leeds.ac.uk (John Salter)
Date: Thu, 19 Oct 2017 08:37:50 +0000
In-reply-to: <EMEW3|afdcdb3a129f39cae88af444a289640fy9I9CH14eprints-tech-bounces|ecs.soton.ac.uk|5b20cf47-a5fa-0094-d904-2836c858167d@ecs.soton.ac.uk>
References: <HE1PR0401MB23798A4F35FFBB720D4BD8E8CA420@HE1PR0401MB2379.eurprd04.prod.outlook.com> <EMEW3|931d536ed30dcd8cc444df35423b4063y9I8y114eprints-tech-bounces|ecs.soton.ac.uk|HE1PR0401MB23798A4F35FFBB720D4BD8E8CA420@HE1PR0401MB2379.eurprd04.prod.outlook.com> <5b20cf47-a5fa-0094-d904-2836c858167d@ecs.soton.ac.uk> <EMEW3|afdcdb3a129f39cae88af444a289640fy9I9CH14eprints-tech-bounces|ecs.soton.ac.uk|5b20cf47-a5fa-0094-d904-2836c858167d@ecs.soton.ac.uk>

I've seen this too.
I wonder whether updating [EPRINTS_ROOT]/archives/[ARCHIVEID]/cfg/cfg.d/epm.pl to set the base URL of the Bazaar to be https would help?

On a related note, EPrints 3.3.10, over https, the fileicons are served over http (EPrints::DataObj::Document::icon_url check for $session->{preparing_static_page}, and uses http_url to construct the URL).

One way to resolve this is to unset $c->{host}, and just have $c->{securehost} set - but I'm not sure if this introduces other issues.

Anyone else got a better resolution for this? (I know issuing an HSTS header would solve it in practical terms, but I'd like EPrint to emit the right URL anyway).

Cheers,
John

From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of David R Newman
Sent: 19 October 2017 09:12
To: eprints-tech at ecs.soton.ac.uk
Subject: Re: [EP-tech] Any issues under SSL?


Hi Alan,

Yes, I see this issue to when I click on the Available tab and it loads things through from the Bazaar.  bazaar.eprints.org is fully SSL enabled, so it should be possible to fix a file somewhere on your local repository.  I am not sure which file yet.  However, when I do I will get back to you and also submit a patch so other can fix this.  It looks like it is probably a one liner.

Regards

David Newman

EPrints Services
On 19/10/2017 08:54, Alan.Stiles wrote:
Hi all,
For anyone running under SSL, do you have any errors flagged about mixed content when using the bazaar?  My test setup complains that the verb images (e.g. 'One-click Install' or 'for data') are all coming from http://bazaar.eprints.org.  Have you implemented a local fix or just ignore it as it only really affects you?

Thanks,
Alan
-- The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England & Wales and a charity registered in Scotland (SC 038302). The Open University is authorised and regulated by the Financial Conduct Authority in relation to its secondary activity of credit broking.



*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech

*** Archive: http://www.eprints.org/tech.php/

*** EPrints community wiki: http://wiki.eprints.org/

*** EPrints developers Forum: http://forum.eprints.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20171019/c4c700e5/attachment-0001.html

References:
- [EP-tech] Any issues under SSL?
  - From: alan.stiles at open.ac.uk (Alan.Stiles)
- [EP-tech] Any issues under SSL?
  - From: drn at ecs.soton.ac.uk (David R Newman)

Prev by Date: [EP-tech] Any issues under SSL?
Next by Date: [EP-tech] Issue installing IRStats
Previous by thread: [EP-tech] Any issues under SSL?
Next by thread: [EP-tech] Any issues under SSL?
Index(es):
- Date
- Thread