• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

A simple example : in TWikiPreferences, the PatternSkin CSS urls are configured, by default, to an absolute value, using PUBURL.

The problem is : when you access via http*s* such a TWiki site, most browsers tell the user that some part of the page is not downloaded in a secure way, and display an unlocked lock in the status bar. This is annoying for everybody, and disturbs the newbies. And from a security point of view, you never know if the parts downloaded from the servers with a non-encrypted connection are important/sensible, or not.

The simplest solution, used by some TWiki installs I manage, is to use PUBURLPATH for the CSS, logos and icons URLs. Please note that PatternSkin templates also uses PUBURL to access javascript files... and others. Wrongly, IMHO.

I've not had a look further yet, but the way absolute URLs are used in TWiki might bring internal http links on a page viewed with http*s*, which can be a real problem in certain cases : since there is no way I know to restrict a given web to http*s*, you have to be really careful to be sure not to browse unencrypted a web you prefer to browse with ssl enabled.

-- BenVoui

Argh. The problem with using relative URLs is that many templates are dual-purpose - they can be used in displaying a page on the server, but they can also be included in mail. Also, restricting to the absolute form significantly simplifies the job of things like PublishContrib that need to detect wiki urls and covert them to a different base.

What I thought - but never implemented - was that the context of the rendering should tell %SCRIPTURL whether to use absolute or relative URLs. i.e. if the context is "view" then use relative URLs, but if it's "mail" then use absolute urls. That way the right format can be used in the right places. I never implemented it because I have been waiting for feedback on what I did so far, and it's quite tricky to get right.

At the same time I'd really like to get rid of PUBURLPATH and use https://develop.twiki.org/pub exclusively, converting it to work the same way (absolute when absolutely required, relative otherwise).

Can anyone work on this? I really really haven't got time.....

CC

Read the header comment for TWiki::getScriptUrl in SVN 7715

CC

This fixed the getScriptUrl problems, great smile But the PatternSkin's images, icons, CSS and Javascript code still uses absolute URLs, which means the browsers still warn about "insecure pages" as I described above. I'm reopening this bug, and reassigning it to PatternSkin.

-- BenVoui

Fixed all the PUBURL references as well.

SVN 7769

CC

ItemTemplate
Summary The use of absolute URLs brings problems for http + httpS sites
ReportedBy BenVoui
Codebase

SVN Range 7767
AppliesTo Extension
Component PatternSkin
Priority Normal
CurrentState Closed
WaitingFor

Checkins 7715 7731 7756 7769 7776
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r7 - 2005-12-05 - CrawfordCurrie
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback