[Vtigercrm-developers] support https and http at the same time

Prasad prasad at vtiger.com
Wed Apr 29 11:12:06 GMT 2015


Use https if you have the option (have http redirect to https) - a
suggestion.


On Wed, Apr 29, 2015 at 3:32 PM, Alan Bell <alan.bell at libertus.co.uk> wrote:

> we wanted to make https optional for a vtiger instance, it doesn't do that
> out of the box because the http referrer is checked against the $siteURL
> global, so the protocol has to match and you get an Illegal request error
> on logging in. I did a little tweak to includes/http/Request.php to the
> validateReferrer function:
>
>     protected function validateReferer() {
>         $user = vglobal('current_user');
>         // Referer check if present - to over come
>         if (isset($_SERVER['HTTP_REFERER']) && $user) { // Check for user post authentication.
>             global $site_URL;
>             $sitehost = parse_url($site_URL);
>             $referrerhost = parse_url($_SERVER['HTTP_REFERER']);
>             if (($sitehost['host'] != $referrerhost['host']) && ($this->get('module') != 'Install')) {
>                 throw new Exception('Illegal request');
>             }
>         }
>         return true;
>     }
>
>
> so now it parses the site url and the referrer url and checks that the
> host portion of each is a match, I don't really care if you bounce between
> protocols or ports as long as it is on the same host.
>
> Alan.
>
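A stricter form of the same-host comparison described in the quoted message, as an added example that is not part of the thread or vtiger's own code. The function name sameHostReferer() is hypothetical, PHP 7 or later is assumed, and the site URL and referrer values are constructed samples. It fails closed when either URL has no host and compares host names case-insensitively.

```php
<?php
// Added example, not vtiger code. sameHostReferer() is a hypothetical helper.

/**
 * Return true when $referer is an http(s) URL on the same host as $siteUrl.
 * Scheme and port are deliberately ignored, as in the quoted tweak.
 * Any value that does not parse to a host is rejected.
 */
function sameHostReferer(string $siteUrl, string $referer): bool
{
    $site = parse_url($siteUrl);
    $ref  = parse_url($referer);

    // parse_url() returns false on seriously malformed input and omits
    // the 'host' key for relative or scheme-less values.
    if (!is_array($site) || !is_array($ref)
        || empty($site['host']) || empty($ref['host'])) {
        return false;
    }

    // Only web schemes are acceptable in a Referer header.
    $scheme = strtolower($ref['scheme'] ?? '');
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;
    }

    // Host names are case-insensitive; a trailing dot names the same host.
    $normalise = function (string $host): string {
        return rtrim(strtolower($host), '.');
    };
    return $normalise($site['host']) === $normalise($ref['host']);
}

// Constructed sample values.
$siteUrl = 'https://crm.example.com/vtiger/';
$samples = [
    'http://crm.example.com/index.php',        // other scheme, same host
    'https://CRM.example.com:8443/index.php',  // other port, case differs
    'https://crm.example.com.evil.example/',   // site host is only a prefix
    'https://crm.example.com@evil.example/',   // site host is in userinfo
    '/index.php?module=Home',                  // no host at all
];
foreach ($samples as $referer) {
    $verdict = sameHostReferer($siteUrl, $referer) ? 'accept' : 'reject';
    printf("%-42s %s\n", $referer, $verdict);
}
```

The first two samples are accepted and the last three rejected. Accepting an http referrer for an https site is the trade-off the quoted change makes, which is why redirecting http to https, as suggested in the reply, narrows it.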