[TYPO3-dev] Scheme enforcement in 4.5.x
Lucas Thurston
lucas at castironcoding.com
Mon Jun 27 23:36:20 CEST 2011
Hi all,

I have an issue that I'm hoping someone has a finely crafted solution or
the seed of a solution for, or maybe just knows something about. It has
to do with the url_scheme field on the pages record which is new in
TYPO3 4.5. This field allows the selection of one of three values:
default, http, or https. The idea is that if http or https is selected
and a page is hit in the other scheme, the visitor gets redirected to
the specified scheme.

I'll add that I'm using RealURL and, of course, setting the base tag
with the scheme and domain, and, with a TypoScript condition, varying
whether the scheme is http or https. Nothing out of the ordinary.

Assuming you've selected either http or https for every page on the
site, this all works fine so far. If you haven't set every non-https
page on the site to http, however, you've got a problem when someone
clicks a link to a page designated as http from a page designated as
https. When you go to that page, the browser location bar is going to
read https. The base href is going to indicate an http scheme, and
you've got secure / insecure warnings (which, I might add, appear to
persist in Chrome version 12 until you restart the browser) all over the
place.

What's missing, in my view, is a "default" that forces a redirect. This
way when going from one to the other, there's no chance of getting mixed
https / http unless you do something dumb.

The code that handles this redirection is in tslib_fe::fetch_the_id()
method. I can see that it doesn't do anything if the "default" option is
selected (0). Only if http or https is set does anything happen. I don't
really think that selecting http on every page of a site except the
three that need to be secure is a viable option. It'd be better to
handle it like https_enforcer did, enforcing those pages that are set to
https and defaulting to http otherwise.

I could probably modify the code in TSFE, bugtracker / Gerrit this thing
within an hour, but I wanted to see if anyone knew of any changes around
this, or had any insight.

thanks,
Lucas
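
The redirect decision described in this message, as an added sketch that is not part of the original post and not TYPO3's own code. All function and constant names are hypothetical; the values 1 (http) and 2 (https) for url_scheme and the base-href rule are assumptions (the post only states that default is 0).

```php
<?php
// Added illustration; not TYPO3 core code. All names here are hypothetical.
// 0 = default is stated in the post; 1 = http and 2 = https are assumed values.
const SCHEME_DEFAULT = 0;
const SCHEME_HTTP = 1;
const SCHEME_HTTPS = 2;

// Behaviour described for 4.5: only an explicit http/https setting redirects.
// Returns the scheme to redirect to, or null when no redirect happens.
function redirectCurrent(int $urlScheme, string $requestScheme): ?string
{
    if ($urlScheme === SCHEME_HTTPS && $requestScheme !== 'https') {
        return 'https';
    }
    if ($urlScheme === SCHEME_HTTP && $requestScheme !== 'http') {
        return 'http';
    }
    return null; // "default": the request scheme is left alone
}

// Behaviour proposed in the post (as https_enforcer did): enforce https where
// it is set, and treat every other page, "default" included, as http.
function redirectProposed(int $urlScheme, string $requestScheme): ?string
{
    $wanted = ($urlScheme === SCHEME_HTTPS) ? 'https' : 'http';
    return ($wanted === $requestScheme) ? null : $wanted;
}

// Assumption: the base href is https only on pages set to https, http otherwise.
function baseHrefScheme(int $urlScheme): string
{
    return ($urlScheme === SCHEME_HTTPS) ? 'https' : 'http';
}

// Constructed cases: page setting x scheme of the incoming request.
$labels = [SCHEME_DEFAULT => 'default', SCHEME_HTTP => 'http', SCHEME_HTTPS => 'https'];
foreach ($labels as $urlScheme => $label) {
    foreach (['http', 'https'] as $requestScheme) {
        foreach (['current' => 'redirectCurrent', 'proposed' => 'redirectProposed'] as $name => $policy) {
            $final = $policy($urlScheme, $requestScheme) ?? $requestScheme;
            $mixed = ($final !== baseHrefScheme($urlScheme)) ? 'MIXED' : 'ok';
            printf("%-8s page=%-7s request=%-5s final=%-5s %s\n", $name, $label, $requestScheme, $final, $mixed);
        }
    }
}
```

Under these assumptions the only row flagged MIXED is the current policy with a "default" page requested over https, which is the case the message describes.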