Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Jsconnect SSO, Embedded forum, and HTTPS issue

Hi Guys,

I've got a site which runs completley within a secure HTTPS framework. I've embedded the forum and am able to get everything working locally where we aren't running certs. On production, after setting everything up, I was able to log in as my user, but the iframe tried to redirect to an HTTP link as opposed to the HTTPS link I get on my local. This caused the site to break, hanging with a 'Please Wait' notice. On reload, the user is logged in and everything works until I try to post a new discussion, same mixed content error.

I have ForceSSL = TRUE in config, on my local environment it sends me to HTTPS links, and it seems to work fine when not embedded.

Any ideas? I'm perfectly comfortable getting under the hood with this stuff.

Comments

  • hgtonighthgtonight ∞ · New Moderator

    How are you embedding?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • We're using Twig as a templating engine on our site and I'm using the generated script tag in the HTML of a basic page. The forum is running on the same domain, we're basically using the embed feature to allow us to keep all our dynamic functionality in the header.

    Also, it's Vanilla 2.1 running on a non MVC PHP site. So I'm wondering of there is something hidden in the classes that I can't find.

    I'm wondering if I'm not better off just building/customizing a theme at this point.

  • hgtonighthgtonight ∞ · New Moderator

    @heycampbell said:

    I'm wondering if I'm not better off just building/customizing a theme at this point.

    That is always preferable to embedding, imo.

    What is the specific script tag look like?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • Thanks for the learning resources.

    Our current template looks like this:

    <div class="internal">
    <div class="container">
        <div class="container-fluid">
    
            <script type="text/javascript" src="https://www.betterhelp.com.local/forum/js/embed.js"></script>
    
            <noscript>Please enable JavaScript to view the <a href="http://vanillaforums.com/?ref_noscript">discussions powered by Vanilla.</a></noscript>
    
        </div>
    </div>
    

  • hgtonighthgtonight ∞ · New Moderator

    I don't use the embed functionality, but the only reference I found for http:// that doesn't make immediate sense is on line 151 of /js/embed.js. This should only matter if you are trying to access the dashboard from the embed.

    Is that the link that causes the error, or is it any link?

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • It's something to do with the callback after a user logs in. Once it gets through the creating the session and logging them in, it tries to return to the forum via an http: link. Thats what kills us as it causes a mixed content error. I think the force ssl catches it when we are accessing the forum directly, but not when we are accessing it through the embedded link. It also occurs after a user posts a new discussion. I think it might be anytime there is an actual post request. Reloading the page shows all the data has been sent and is on the server, user is logged in, all that. It's just the redirect after the post.

    I'm just getting used to PHP after working in Rails for a while. I'm not sure how the controllers work, but in Rails, there is a redirect/render page step after a Post. Any thoughts on where I could find that?

  • hgtonighthgtonight ∞ · New Moderator

    I am not sure what exactly you are looking for.

    Controllers always call the Render method which is a declared magic method in Garden. It ends up calling Gdn_Controller::xRender() method by default. It handles rendering based on the deliveryType and deliveryMethod. Since it is a magic method you can override and/or hook before/after its execution.

    Search first

    Check out the Documentation! We are always looking for new content and pull requests.

    Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    I think The problem you have is the same others who use SSL have had when embedding .

    You need to edit the js for the embed so all links point to https . This only happens when you are using ssl and are embedded.

    Best advice, create a theme to match your site, it is very easy and spare yourself any issues now and in the future.

  • I've tried editing the js to only point to https, also put in a rewrite script into the htaccess. I just can't figure out where the http is being called.

    I've done the whole theme build now, basically converting the twig templates we have for our header and footer into Smarty. Although I can't seem to get Smarty to find the templates when I try to included them as partials. I've taken the route of hardcoding them into the default.master template.

    Where is Vanilla configured to uses as a base directory for templates? I'd love to refactor this down a bit.

  • R_JR_J Ex-Fanboy Munich Admin

    @heycampbell said:
    Although I can't seem to get Smarty to find the templates when I try to included them as partials. I've taken the route of hardcoding them into the default.master template.

    Where is Vanilla configured to uses as a base directory for templates? I'd love to refactor this down a bit.

    http://vanillaforums.org/discussion/27767/how-to-create-custom-smarty-functions

Sign In or Register to comment.