[Vtigercrm-developers] support https and http at the same time

Christophe Humbert chrissc.humbert at gmail.com
Wed Apr 29 11:23:13 GMT 2015


Always use https no brainer and force either in your .htacces or httpd.conf
the SSL use

Christophe Humbert



On Wed, Apr 29, 2015 at 1:12 PM, Prasad <prasad at vtiger.com> wrote:

> Use https if you have the option (have http redirect to https) - a
> suggestion.
>
> --
> FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm>
>  I LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
> <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>
> On Wed, Apr 29, 2015 at 3:32 PM, Alan Bell <alan.bell at libertus.co.uk>
> wrote:
>
>> we wanted to make https optional for a vtiger instance, it doesn't do
>> that out of the box because the http referrer is checked against the
>> $siteURL global, so the protocol has to match and you get an Illegal
>> request error on logging in. I did a little tweak to
>> includes/http/Request.php to the validateReferrer function:
>>
>>     protected function validateReferer() {
>>         $user=  vglobal('current_user');
>>                    // Referer check if present - to over come
>>                 if (isset($_SERVER['HTTP_REFERER']) && $user) {//Check
>> for user post authentication.
>>                         global $site_URL;
>>                         $sitehost=parse_url($site_URL);
>> $referrerhost=parse_url($_SERVER['HTTP_REFERER']);
>>                         if (($sitehost['host']!=$referrerhost['host']) &&
>> ($this->get('module') != 'Install')) {
>>                                    throw new Exception('Illegal request');
>>                         }
>>                 }
>>                 return true;
>>         }
>>
>>
>> so now it parses the site url and the referrer url and checks that the
>> host portion of each is a match, I don't really care if you bounce between
>> protocols or ports as long as it is on the same host.
>>
>> Alan.
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20150429/fb12bd43/attachment.html>


More information about the vtigercrm-developers mailing list