@Mark Thanks for clearing this up for me. I've dealt with cross domain policy quite a bit in Flash, but like I said I don't use Ajax a great deal so this is news to me. Any idea what the best way to tackle this might be?
I think any content under /home/(Index, FileNotFound, TermsOfService, PrivacyPolicy, RegistrationUnderApproval, Permission), should be delivered/viewable under http. The TermsOfService, and PrivacyPolicy should be viewable (popup if possible) from the register page under https. I know I could copy these under /entry/ but I don't want to duplicate content. Could a TermsOfService() and PrivacyPolicy() function if added to the EntryController render these views without calling the HomeController?
@bean It sounded like you were going to say mod_proxy shouldn't be used because it's apache specific... is that what you meant or are you saying that it IS probably the right approach? Sorry just want to be clear. Have you tried SSLControllers yet? Interested to hear if anyone has any problems with it, but as I said it does need a couple of core file updates to work. The files are listed in the plugin's comment.
Missing a "n't" . It's edited now. It should not be the solution as it's specific a single webserver.
I haven't tried it yet, no. As it's only running on a couple of website (for css test and for plugins/applications tests), I don't really need it, as the password are specific for those 2 sites. But that's definitely something that should be there in the released v2.
Using a proxy, the password would be sent using http. You don't want that. To login using https from the http domain, you need to drop the ajax validation.
@Mark Yeah I guess I could add some js that overrides the default... Would it make any sense to add a TermsOfService() and PrivacyPolicy() method to the EntryController that could load those views without calling the HomeController or duplicating any content?
@Mark Would it be possible to read a variable from the config.php within my custom js file for this plugin? I was thinking I could use the existing popup class hooks to trigger a custom popup/link function in the custom js, that checked if a "use popup" variable was set to true before rendering a standard popup, or if false simply re-directed the window to the requested url. This would remove the need for plugin users to remove the popup class refs from the links in their default.master and module templates that contain popup links. I'm just not sure if I can read the a value from config.php from the js?
The plugin now has a protected $_UsePopups = TRUE; this is added to the config.php file, and the $Sender->AddDefinition('UsePopups', $UsePopups); is set, along with a custom js file, $Sender->AddJsFile('plugins/SSLControllers/sslcontrollerhelper.js');.
All this is working fine, but I need a little help overriding the default popup behaviour in javascript. Not up on jquery/ajax...
The contents of sslcontrollerhelper.js look like this:
jQuery(document).ready(function($) { // The following getJSON snippet is based on the AnonymizeURLs Plugin js snippet.
var WebRoot = ''; // Get the protocol and WebRoot for the current controller via an ajax call // "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create" $.getJSON("/plugin/getwebroot", function (json) { WebRoot = json.WebRoot; });
// Override Ajax popups or open popup links directly var UsePopups = definition('UsePopups', 1);
It's just not working as I'd expect. Redefining the $.popup = function() has stopped the ajax popup from happening, but it's now just redirecting to the href. I tried to do this:
$('a.SignInPopup').popup = null; and delete $('a.SignInPopup').popup;
then add my own click function but with this the ajax popup still tries to open, so I'm doing something wrong.
@Mark, @Dinoboff Okay, I got this working in the end with the following js in sslcontrollerhelper.js.
jQuery(document).ready(function($) { // The following getJSON snippet is based on the AnonymizeURLs Plugin js snippet.
var WebRoot = ''; // Get the protocol and WebRoot for the current controller via an ajax call // "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create" $.getJSON("/plugin/getwebroot", function (json) { WebRoot = json.WebRoot; });
// Open href in a normal popup window or the current window SSLPopup = function() { var UsePopups = definition('UsePopups', 0); var href = $(this).attr('href'); if(UsePopups) { // TODO: Window sizing/positioning etc window.open(href, 'popup', 'height=500,width=400,toolbar=0,scrollbars=1,resizable=1').focus(); } else window.location = href; return false; }
At the moment I don't have a nice way to resize the popup depending on page content etc, and the sign up page does not have a liquid width so it won't fit inside a thinner popup window. As a result I have set the default for UsePopups to be FALSE. This means if you enable this plugin all your popup links (class Popup, Popdown & SignInPopup) will open their links in the current window by default. Current setups will work without any html/css class adjustments. Also opening in the current window actually looks better then having a non-ajax popup in my opinion.
Should be a viable plugin now to add to the add ons? What do you think? Only thing is users will still need some of the latest core files as stated in the plugin comment.
Comments
Thanks for clearing this up for me. I've dealt with cross domain policy quite a bit in Flash, but like I said I don't use Ajax a great deal so this is news to me. Any idea what the best way to tackle this might be?
I came across a post, http://abhinavsingh.com/blog/2009/11/making-cross-sub-domain-ajax-xhr-requests-using-mod_proxy-and-iframes/
which discusses the use of mod_proxy as a possible solution. I know iframes may do the trick but I'm not mad on the idea.
I think any content under /home/(Index, FileNotFound, TermsOfService, PrivacyPolicy, RegistrationUnderApproval, Permission), should be delivered/viewable under http. The TermsOfService, and PrivacyPolicy should be viewable (popup if possible) from the register page under https. I know I could copy these under /entry/ but I don't want to duplicate content. Could a TermsOfService() and PrivacyPolicy() function if added to the EntryController render these views without calling the HomeController?
It sounded like you were going to say mod_proxy shouldn't be used because it's apache specific... is that what you meant or are you saying that it IS probably the right approach? Sorry just want to be clear. Have you tried SSLControllers yet? Interested to hear if anyone has any problems with it, but as I said it does need a couple of core file updates to work. The files are listed in the plugin's comment.
It should not be the solution as it's specific a single webserver.
I haven't tried it yet, no. As it's only running on a couple of website (for css test and for plugins/applications tests), I don't really need it, as the password are specific for those 2 sites. But that's definitely something that should be there in the released v2.
Fair enough... any ideas on opening the TermsOfService from the https register form?
Yeah I guess I could add some js that overrides the default...
Would it make any sense to add a TermsOfService() and PrivacyPolicy() method to the EntryController that could load those views without calling the HomeController or duplicating any content?
Would it be possible to read a variable from the config.php within my custom js file for this plugin? I was thinking I could use the existing popup class hooks to trigger a custom popup/link function in the custom js, that checked if a "use popup" variable was set to true before rendering a standard popup, or if false simply re-directed the window to the requested url. This would remove the need for plugin users to remove the popup class refs from the links in their default.master and module templates that contain popup links. I'm just not sure if I can read the a value from config.php from the js?
Sweet! Thanks!
The plugin now has a protected $_UsePopups = TRUE; this is added to the config.php file, and the $Sender->AddDefinition('UsePopups', $UsePopups); is set, along with a custom js file, $Sender->AddJsFile('plugins/SSLControllers/sslcontrollerhelper.js');.
All this is working fine, but I need a little help overriding the default popup behaviour in javascript. Not up on jquery/ajax...
The contents of sslcontrollerhelper.js look like this:
jQuery(document).ready(function($)
{
// The following getJSON snippet is based on the AnonymizeURLs Plugin js snippet.
var WebRoot = '';
// Get the protocol and WebRoot for the current controller via an ajax call
// "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create"
$.getJSON("/plugin/getwebroot", function (json)
{
WebRoot = json.WebRoot;
});
// Override Ajax popups or open popup links directly
var UsePopups = definition('UsePopups', 1);
// Override default?
$.popup = function(options, data)
{
var UsePopups = definition('UsePopups', 1);
//alert('UsePopups = ' + UsePopups);
var href = $(this).attr('href');
(UsePopups) ? window.open(href, 'popup', 'height=500,width=400,toolbar=no') : window.location = href;
return false;
}
/*
$(function() {
$('a.SignInPopup').click(function() {
var href = $(this).attr('href');
window.open(href, 'popup', 'height=500,width=400,toolbar=no');
return false;
});
});
*/
});
It's just not working as I'd expect. Redefining the $.popup = function() has stopped the ajax popup from happening, but it's now just redirecting to the href. I tried to do this:
$('a.SignInPopup').popup = null;
and
delete $('a.SignInPopup').popup;
then add my own click function but with this the ajax popup still tries to open, so I'm doing something wrong.
Anyone know what the js code should look like?
Okay, I got this working in the end with the following js in sslcontrollerhelper.js.
jQuery(document).ready(function($)
{
// The following getJSON snippet is based on the AnonymizeURLs Plugin js snippet.
var WebRoot = '';
// Get the protocol and WebRoot for the current controller via an ajax call
// "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create"
$.getJSON("/plugin/getwebroot", function (json)
{
WebRoot = json.WebRoot;
});
// Open href in a normal popup window or the current window
SSLPopup = function()
{
var UsePopups = definition('UsePopups', 0);
var href = $(this).attr('href');
if(UsePopups)
{
// TODO: Window sizing/positioning etc
window.open(href, 'popup', 'height=500,width=400,toolbar=0,scrollbars=1,resizable=1').focus();
}
else
window.location = href;
return false;
}
// Override Ajax popups
$('a.Popup').click(SSLPopup);
$('a.Popdown').click(SSLPopup);
$('a.SignInPopup').click(SSLPopup);
});
At the moment I don't have a nice way to resize the popup depending on page content etc, and the sign up page does not have a liquid width so it won't fit inside a thinner popup window. As a result I have set the default for UsePopups to be FALSE. This means if you enable this plugin all your popup links (class Popup, Popdown & SignInPopup) will open their links in the current window by default. Current setups will work without any html/css class adjustments. Also opening in the current window actually looks better then having a non-ajax popup in my opinion.
Should be a viable plugin now to add to the add ons? What do you think? Only thing is users will still need some of the latest core files as stated in the plugin comment.
I'm going to commit the latest changes to github shortly.
http://github.com/derekdon/GardenPlugins
Once people start using it and providing feedback we may learn of a better way to handle the popup problem.
I have to use https://www.ssl-id.de/forum.xxxxx.de/ instead of http://forum.xxxxx.de/
Can I just enter the https://www.ssl-id.de/ -part somewhere in the default.php of the plugin to make it work?
thanks!