[Vtigercrm-developers] support https and http at the same time

Alan Bell alan.bell at libertus.co.uk
Wed Apr 29 10:02:24 GMT 2015


We wanted to make https optional for a vtiger instance. It doesn't do
that out of the box because the HTTP referrer is checked against the
$site_URL global, so the protocol has to match and you get an Illegal
request error on logging in. I did a little tweak to
includes/http/Request.php to the validateReferer function:

     protected function validateReferer() {
         $user = vglobal('current_user');
         // Referer check if present - to over come
         if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
             global $site_URL;
             $sitehost = parse_url($site_URL);
             $referrerhost = parse_url($_SERVER['HTTP_REFERER']);
             if (($sitehost['host'] != $referrerhost['host']) && ($this->get('module') != 'Install')) {
                 throw new Exception('Illegal request');
             }
         }
         return true;
     }


So now it parses the site URL and the referrer URL and checks that the
host portion of each is a match; I don't really care if you bounce
between protocols or ports as long as it is on the same host.

Alan.
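
The host-only comparison described in the message above, as an added example that is not part of the original post or of vtiger's code: it shows which Referer values such a check accepts and rejects, and treats an unparsable or host-less URL as a mismatch. The function name refererHostMatches() and all sample URLs are hypothetical and constructed for illustration.

```php
<?php
// Added example (not vtiger code): compare only the host part of the
// configured site URL and the Referer header. refererHostMatches() is a
// hypothetical helper name.

function refererHostMatches(string $siteUrl, string $referer): bool
{
    $siteHost = parse_url($siteUrl, PHP_URL_HOST);
    $refHost  = parse_url($referer, PHP_URL_HOST);

    // parse_url() returns false for seriously malformed URLs and null when
    // the host component is absent. Treat both as a mismatch so that two
    // missing hosts never compare as equal.
    if (!is_string($siteHost) || $siteHost === '' ||
        !is_string($refHost)  || $refHost === '') {
        return false;
    }

    // Host names are case-insensitive; scheme and port are deliberately
    // ignored, which is the relaxation described in the message.
    return strcasecmp($siteHost, $refHost) === 0;
}

// Constructed sample inputs: Referer value => expected result.
$siteUrl = 'http://crm.example.test/vtiger/';
$cases = [
    'https://crm.example.test/index.php?module=Home' => true,  // scheme differs
    'http://crm.example.test:8080/index.php'         => true,  // port differs
    'http://CRM.Example.Test/'                       => true,  // case differs
    'http://crm.example.test.other.test/'            => false, // longer host
    'http://crm.example.test@other.test/'            => false, // userinfo, host is other.test
    'http://other.test/?u=http://crm.example.test/'  => false, // site URL only in query
    '/index.php'                                     => false, // no host component
    'http:///index.php'                              => false, // parse_url() fails
];

foreach ($cases as $referer => $expected) {
    $actual = refererHostMatches($siteUrl, $referer);
    printf("%-48s %-6s %s\n", $referer,
        $actual ? 'match' : 'reject',
        $actual === $expected ? 'ok' : 'UNEXPECTED');
}
```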

