HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Please upgrade here. These earlier versions are no longer being updated and have security issues.

Enabling SSL in Vanilla 2?

1235

Comments

  • @basb -Does your forum work as expected for an entire session by accessing
    https://www.ssl-id.de/forum.xxxxx.de/? Can you browse the forum and does the url stay at https://www.ssl-id.de/forum.xxxxx.de or does it redirect to your sub url? I could add a https suffix url variable to the code base that would be appended around line 170 of the default.php file if the protocol is https. Not 100% sure how it would work in your case. Let me know.
  • edited March 2010
    @derekdon - If I go to https://www.ssl-id.de/forum.xxxxx.de/ (SSL-Plugin disabled) the CSS is broken and all the links go to https://www.ssl-id.de/index.php/...
    Thanks!
  • @basb - As a quick and dirty test...

    change line 168 of the plugin's default.php to read...
    if(substr($URL, 0, 8) == $this->_HTTPS_PROTOCOL) $URL = www.ssl-id.de/ . substr($URL, 8);

    and enable the plugin.

    Let me know if that works for you.
  • If so I may add an SSL suffix variable to the code for you and other users to set...
  • @derekdon - If I change the code like this, I get the following error when I try to enable the plugin:

    Parse error: syntax error, unexpected '.' in /mnt/web2/33/57/51669757/htdocs/mannoderquadrat/forum/plugins/SSLControllers/default.php on line 168

  • @basb - Sorry! Try this...

    if(substr($URL, 0, 8) == $this->_HTTPS_PROTOCOL) $URL = 'www.ssl-id.de/' . substr($URL, 8);
  • @derekdon - same problem, doesn't work...
  • @basb - When you say it doesn't work, are you getting the same parse error??? Can you post the body of that function here so I can check it... I assume you have cleared your cache etc.
  • edited March 2010
    @derekdon - the parse error is gone, but the link/domain problem is still existent...

    Thanks for you help!
  • @basb - Any chance you could provide a link to see for myself what's happening?
    I will try to have a look at this in the next couple of days, but I imagine it's probably to do with the WebRoot and Domain methods of the /library/core/class.url.php file... Might not be possible with your setup.
  • any news here?
  • edited July 2010
    any news on how to use ssl in vanilla when you're using a https-proxy?
  • bump
  • ToddTodd Chief Product Officer Vanilla Staff
    I did make some fixes that I think @TiGR said works with SSL. Maybe he can weigh in?
  • TiGRTiGR
    edited July 2010
    Yes, I am running a copy of Vanilla on https without any problems now.
  • LincLinc Former Staff Detroit Admin
    Impressive.
  • @Todd I'm using a ssl-proxy and the sslcontrollers-plugin didn't work.
    But the latest release of vanilla seems to work with it!
  • The sign in popup was doing my head in. I created a custom plugin and added this code to my header in order to remove the popup class. Works like a charm now!

    class CustomJSPlugin extends Gdn_Plugin {
    public function Base_Render_Before(&$Sender)
    {
    $JavaScript = '

    $(document).ready(function() { $("#Frame ul li a").removeClass("SignInPopup"); });

    ';
    // Send it to the Header of the page
    $Sender->Head->AddString($JavaScript);
    }
    }

  • jcwebdevjcwebdev New
    edited July 2012

    On another note, I was running into trouble with the sslcontrollerhelper.js file. Basically, when I loaded up the dashboard I was getting errors about my https pages being only partially secured. Running a diagnostic in firebug, I can see the request:

    GET getwebroot, which makes a request to https://%domain-name%/plugin/getwebroot

    is returning a 404.

    I thought that Minify might be causing the issue and with Minify disabled, the site checks out as being secure but the diagnostics still show this request as a returning a 404. Something to be concerned about?

Sign In or Register to comment.