[TYPO3-english] HTTPS, TYPO3 and static resources (images, etc.)

Sergey Alexandrov serg at alexandrov.us
Wed Feb 1 20:30:29 CET 2012 

Guys,

One issue with core SSL handling is that by default, all pages have 
"default" protocol, so once you visited https, then all your pages 
become https unless you hit a page with http protocol set (not default) 
- correct me if I'm wrong,
but I've already stumbled on this and just had no time to figure out 
this issue.

With HTTPEnforcer I usually do something like this:

[globalVar = TSFE:page|tx_httpsenforcer_force_secure = 0]
config.absRefPrefix=http://www.domain.com/
[else]
config.absRefPrefix=https://www.domain.com/
[end]

or the same with config.baseURL

Thank you,
Sergey

On 2/1/2012 1:15 PM, Stephan Schuler wrote:
> Hey Jason.
>
>
> The first thing:
>
> Since the scheme stuff is part of the TYPO3 core, the https enforcer is not needed any longer.
>
>
> The second thing:
>
> I bet you have a "config.baseUrl" value pointing to http all the time.
>
> The http enforcer has to act in two different steps:
> 1: Redirection: The https enforcer catches the current request and interrupts it by redirecting to the enforced scheme if the current scheme is not the configured one.
> 2: Link creation: The https enforcer hooks into the typolink mechanism where it enforces absolute urls and the correct scheme if there is a scheme configured for the target page.
>
> None of those interact with the config.baseUrl.
> So you need to use typoscript conditions determining the current scheme to provide differend values for config.baseUrl.
>
>
> Regards,
>
>
>
> Stephan Schuler
> Web-Entwickler
>
> Telefon: +49 (911) 539909 - 0
> E-Mail: Stephan.Schuler at netlogix.de
> Website: media.netlogix.de
>
>
> --
> netlogix GmbH&  Co. KG
> IT-Services | IT-Training | Media
> Andernacher Straße 53 | 90411 Nürnberg
> Telefon: +49 (911) 539909 - 0 | Fax: +49 (911) 539909 - 99
> E-Mail: info at netlogix.de | Internet: http://www.netlogix.de
>
> netlogix GmbH&  Co. KG ist eingetragen am Amtsgericht Nürnberg (HRA 13338)
> Persönlich haftende Gesellschafterin: netlogix Verwaltungs GmbH (HRB 20634)
> Umsatzsteuer-Identifikationsnummer: DE 233472254
> Geschäftsführer: Stefan Buchta, Matthias Schmidt
>
>
>
> -----Ursprüngliche Nachricht-----
> Von: typo3-english-bounces at lists.typo3.org [mailto:typo3-english-bounces at lists.typo3.org] Im Auftrag von Jason A. Lefkowitz
> Gesendet: Mittwoch, 1. Februar 2012 18:25
> An: typo3-english at lists.typo3.org
> Betreff: [TYPO3-english] HTTPS, TYPO3 and static resources (images, etc.)
>
> Hey all --
>
> I have a TYPO3 Web site that needs to have its home page (and *only* its home page) served over SSL.
>
> My first stab at dealing with this was to install the HTTPS Enforcer extension (http://typo3.org/extensions/repository/view/https_enforcer/current/),
> which lets you specify particular pages in your TYPO3 site that should be forced to HTTPS. And the extension works as advertised! But there's a problem -- while requests for one of those pages are indeed handled over SSL, resources included inline in the page (like images) are not delivered over SSL. So you get a warning in your browser (which, depending on the browser, can range from a quiet information message to a full-out screaming warning page) telling you that the page isn't
> *completely* secure, which (understandably) freaks people out.
>
> So my question is -- how do you get TYPO3 to deliver a *complete* page over SSL, including modifying the URLs of static resources so they are delivered securely too? Is there some way to configure/extend HTTPS Enforcer to do that? Is there another extension that's better in this scenario? Or am I just completely out of luck?
>
> Thanks in advance for any help you can provide!
>
> -- Jason
>
> --
> Jason A. Lefkowitz
> web: http://www.jasonlefkowitz.net
> email: jason at jasonlefkowitz.net
>
> "A statesman... is a dead politician.
> Lord knows, we need more statesmen." -- Bloom County
>
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english
> _______________________________________________
> TYPO3-english mailing list
> TYPO3-english at lists.typo3.org
> http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-english

More information about the TYPO3-english mailing list