[TYPO3-english] HTTPS, TYPO3 and static resources (images, etc.)

Stephan Schuler Stephan.Schuler at netlogix.de
Wed Feb 1 19:15:48 CET 2012

Hey Jason.

The first thing:

Since the scheme stuff is part of the TYPO3 core, the https enforcer is not needed any longer.

The second thing:

I bet you have a "config.baseUrl" value pointing to http all the time.

The http enforcer has to act in two different steps:
1: Redirection: The https enforcer catches the current request and interrupts it by redirecting to the enforced scheme if the current scheme is not the configured one.
2: Link creation: The https enforcer hooks into the typolink mechanism where it enforces absolute urls and the correct scheme if there is a scheme configured for the target page.

None of those interact with the config.baseUrl.
So you need to use typoscript conditions determining the current scheme to provide differend values for config.baseUrl.


Stephan Schuler

Telefon: +49 (911) 539909 - 0
E-Mail: Stephan.Schuler at netlogix.de
Website: media.netlogix.de

netlogix GmbH & Co. KG
IT-Services | IT-Training | Media
Andernacher Straße 53 | 90411 Nürnberg
Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
E-Mail: info at netlogix.de | Internet: http://www.netlogix.de

netlogix GmbH & Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338)
Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
Umsatzsteuer-Identifikationsnummer: DE 233472254
Geschäftsführer: Stefan Buchta, Matthias Schmidt

-----Ursprüngliche Nachricht-----
Von: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-bounces at lists.typo3.org] Im Auftrag von Jason A. Lefkowitz
Gesendet: Mittwoch, 1. Februar 2012 18:25
An: typo3-english at lists.typo3.org
Betreff: [TYPO3-english] HTTPS, TYPO3 and static resources (images, etc.)

Hey all --

I have a TYPO3 Web site that needs to have its home page (and *only* its home page) served over SSL.

My first stab at dealing with this was to install the HTTPS Enforcer extension (http://typo3.org/extensions/repository/view/https_enforcer/current/),
which lets you specify particular pages in your TYPO3 site that should be forced to HTTPS. And the extension works as advertised! But there's a problem -- while requests for one of those pages are indeed handled over SSL, resources included inline in the page (like images) are not delivered over SSL. So you get a warning in your browser (which, depending on the browser, can range from a quiet information message to a full-out screaming warning page) telling you that the page isn't
*completely* secure, which (understandably) freaks people out.

So my question is -- how do you get TYPO3 to deliver a *complete* page over SSL, including modifying the URLs of static resources so they are delivered securely too? Is there some way to configure/extend HTTPS Enforcer to do that? Is there another extension that's better in this scenario? Or am I just completely out of luck?

Thanks in advance for any help you can provide!

-- Jason

Jason A. Lefkowitz
web: http://www.jasonlefkowitz.net
email: jason at jasonlefkowitz.net

"A statesman... is a dead politician.
Lord knows, we need more statesmen." -- Bloom County

TYPO3-english mailing list
TYPO3-english at lists.typo3.org

More information about the TYPO3-english mailing list