[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[EP-tech] Any issues under SSL?



I've seen this too.
I wonder whether updating [EPRINTS_ROOT]/archives/[ARCHIVEID]/cfg/cfg.d/epm.pl to set the base URL of the Bazaar to be https would help?

On a related note, EPrints 3.3.10, over https, the fileicons are served over http (EPrints::DataObj::Document::icon_url check for $session->{preparing_static_page}, and uses http_url to construct the URL).

One way to resolve this is to unset $c->{host}, and just have $c->{securehost} set - but I'm not sure if this introduces other issues.

Anyone else got a better resolution for this? (I know issuing an HSTS header would solve it in practical terms, but I'd like EPrint to emit the right URL anyway).

Cheers,
John

From: eprints-tech-bounces at ecs.soton.ac.uk [mailto:eprints-tech-bounces at ecs.soton.ac.uk] On Behalf Of David R Newman
Sent: 19 October 2017 09:12
To: eprints-tech at ecs.soton.ac.uk
Subject: Re: [EP-tech] Any issues under SSL?


Hi Alan,

Yes, I see this issue to when I click on the Available tab and it loads things through from the Bazaar.  bazaar.eprints.org is fully SSL enabled, so it should be possible to fix a file somewhere on your local repository.  I am not sure which file yet.  However, when I do I will get back to you and also submit a patch so other can fix this.  It looks like it is probably a one liner.

Regards

David Newman

EPrints Services
On 19/10/2017 08:54, Alan.Stiles wrote:
Hi all,
For anyone running under SSL, do you have any errors flagged about mixed content when using the bazaar?  My test setup complains that the verb images (e.g. 'One-click Install' or 'for data') are all coming from http://bazaar.eprints.org.  Have you implemented a local fix or just ignore it as it only really affects you?

Thanks,
Alan
-- The Open University is incorporated by Royal Charter (RC 000391), an exempt charity in England & Wales and a charity registered in Scotland (SC 038302). The Open University is authorised and regulated by the Financial Conduct Authority in relation to its secondary activity of credit broking.



*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech

*** Archive: http://www.eprints.org/tech.php/

*** EPrints community wiki: http://wiki.eprints.org/

*** EPrints developers Forum: http://forum.eprints.org/

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20171019/c4c700e5/attachment-0001.html