[Vtigercrm-developers] support https and http at the same time
Alan Bell
alan.bell at libertus.co.uk
Wed Apr 29 10:02:24 GMT 2015
We wanted to make https optional for a vtiger instance. It doesn't do
that out of the box because the http referrer is checked against the
$site_URL global, so the protocol has to match and you get an Illegal
request error on logging in. I did a little tweak to
includes/http/Request.php to the validateReferer function:
    protected function validateReferer() {
        $user = vglobal('current_user');
        // Referer check if present - to over come
        if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
            global $site_URL;
            $sitehost = parse_url($site_URL);
            $referrerhost = parse_url($_SERVER['HTTP_REFERER']);
            if (($sitehost['host'] != $referrerhost['host'])
                    && ($this->get('module') != 'Install')) {
                throw new Exception('Illegal request');
            }
        }
        return true;
    }
So now it parses the site URL and the referrer URL and checks that the
host portion of each is a match. I don't really care if you bounce
between protocols or ports as long as it is on the same host.
Alan.
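
A stand-alone version of the host-only comparison described in this post, as an added example that is not part of the original message or of vtiger's code. The helper name sameHost and the sample URLs are assumptions; beyond the posted check, it fails closed when either URL has no parsable host and compares host names case-insensitively.

```php
<?php
// Added example, not vtiger code. sameHost() is a hypothetical helper name.

/**
 * Return true when $referer and $siteUrl name the same host,
 * ignoring scheme and port. Fails closed on unparsable input.
 */
function sameHost(string $siteUrl, string $referer): bool
{
    $site = parse_url($siteUrl, PHP_URL_HOST);
    $ref  = parse_url($referer, PHP_URL_HOST);

    // parse_url() returns false on a malformed URL and null when the
    // component is absent; reject both instead of comparing null to null.
    if (!is_string($site) || $site === '' || !is_string($ref) || $ref === '') {
        return false;
    }

    // Host names are case-insensitive; a trailing dot denotes the same host.
    $norm = static function (string $h): string {
        return rtrim(strtolower($h), '.');
    };

    return $norm($site) === $norm($ref);
}

// Constructed sample values (example.com / example.net are reserved names).
$siteUrl = 'https://crm.example.com/vtiger/';
$cases = [
    'http://crm.example.com/index.php'       => true,  // other scheme
    'https://CRM.Example.com:8443/index.php' => true,  // case and port differ
    'https://crm.example.com.example.net/'   => false, // longer host, not equal
    'https://crm.example.com@example.net/'   => false, // userinfo; host is example.net
    '/index.php?module=Home'                 => false, // no host component
    'http:///index.php'                      => false, // malformed URL
];

foreach ($cases as $referer => $expected) {
    $got = sameHost($siteUrl, $referer);
    printf("%-42s %-5s %s\n", $referer, var_export($got, true),
        $got === $expected ? 'ok' : 'MISMATCH');
}
```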