Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Enabling SSL in Vanilla 2?

1246

Comments

  • @Mark
    Thanks for clearing this up for me. I've dealt with cross domain policy quite a bit in Flash, but like I said I don't use Ajax a great deal so this is news to me. Any idea what the best way to tackle this might be?

    I came across a post, http://abhinavsingh.com/blog/2009/11/making-cross-sub-domain-ajax-xhr-requests-using-mod_proxy-and-iframes/
    which discusses the use of mod_proxy as a possible solution. I know iframes may do the trick but I'm not mad on the idea.

    I think any content under /home/(Index, FileNotFound, TermsOfService, PrivacyPolicy, RegistrationUnderApproval, Permission), should be delivered/viewable under http. The TermsOfService, and PrivacyPolicy should be viewable (popup if possible) from the register page under https. I know I could copy these under /entry/ but I don't want to duplicate content. Could a TermsOfService() and PrivacyPolicy() function if added to the EntryController render these views without calling the HomeController?

  • lucluc ✭✭
    edited January 2010
    mod_proxy being apache specific (at least, I think so, with the name), that definitely shouldn't be the complete solution.
  • derekdonderekdon New
    edited January 2010
    @bean
    It sounded like you were going to say mod_proxy shouldn't be used because it's apache specific... is that what you meant or are you saying that it IS probably the right approach? Sorry just want to be clear. Have you tried SSLControllers yet? Interested to hear if anyone has any problems with it, but as I said it does need a couple of core file updates to work. The files are listed in the plugin's comment.
  • lucluc ✭✭
    Missing a "n't" :). It's edited now.
    It should not be the solution as it's specific a single webserver.


    I haven't tried it yet, no. As it's only running on a couple of website (for css test and for plugins/applications tests), I don't really need it, as the password are specific for those 2 sites. But that's definitely something that should be there in the released v2.
  • Using a proxy, the password would be sent using http. You don't want that. To login using https from the http domain, you need to drop the ajax validation.
  • @bean, @Dinoboff
    Fair enough... any ideas on opening the TermsOfService from the https register form?
  • MarkMark Vanilla Staff
    I'm wondering if your plugin could add js that overrides the default js and pop the terms of service into an actual popup window?
  • MarkMark Vanilla Staff
    Obviously you could also just https the TOS. There's really no harm in it.
  • @Mark
    Yeah I guess I could add some js that overrides the default...
    Would it make any sense to add a TermsOfService() and PrivacyPolicy() method to the EntryController that could load those views without calling the HomeController or duplicating any content?
  • @Mark
    Would it be possible to read a variable from the config.php within my custom js file for this plugin? I was thinking I could use the existing popup class hooks to trigger a custom popup/link function in the custom js, that checked if a "use popup" variable was set to true before rendering a standard popup, or if false simply re-directed the window to the requested url. This would remove the need for plugin users to remove the popup class refs from the links in their default.master and module templates that contain popup links. I'm just not sure if I can read the a value from config.php from the js?
  • MarkMark Vanilla Staff
    You can add the variable to the definition list using $Controller->AddDefinition() and then use js to grab it from the page.
  • @Mark
    Sweet! Thanks!
  • derekdonderekdon New
    edited February 2010
    @Mark, @Dinoboff

    The plugin now has a protected $_UsePopups = TRUE; this is added to the config.php file, and the $Sender->AddDefinition('UsePopups', $UsePopups); is set, along with a custom js file, $Sender->AddJsFile('plugins/SSLControllers/sslcontrollerhelper.js');.

    All this is working fine, but I need a little help overriding the default popup behaviour in javascript. Not up on jquery/ajax...

    The contents of sslcontrollerhelper.js look like this:

    jQuery(document).ready(function($)
    {
    // The following getJSON snippet is based on the AnonymizeURLs Plugin js snippet.

    var WebRoot = '';
    // Get the protocol and WebRoot for the current controller via an ajax call
    // "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create"
    $.getJSON("/plugin/getwebroot", function (json)
    {
    WebRoot = json.WebRoot;
    });


    // Override Ajax popups or open popup links directly
    var UsePopups = definition('UsePopups', 1);

    // Override default?
    $.popup = function(options, data)
    {
    var UsePopups = definition('UsePopups', 1);
    //alert('UsePopups = ' + UsePopups);
    var href = $(this).attr('href');
    (UsePopups) ? window.open(href, 'popup', 'height=500,width=400,toolbar=no') : window.location = href;
    return false;
    }

    /*
    $(function() {
    $('a.SignInPopup').click(function() {
    var href = $(this).attr('href');
    window.open(href, 'popup', 'height=500,width=400,toolbar=no');
    return false;
    });
    });
    */
    });

    It's just not working as I'd expect. Redefining the $.popup = function() has stopped the ajax popup from happening, but it's now just redirecting to the href. I tried to do this:

    $('a.SignInPopup').popup = null;
    and
    delete $('a.SignInPopup').popup;

    then add my own click function but with this the ajax popup still tries to open, so I'm doing something wrong.

    Anyone know what the js code should look like?
  • @Mark, @Dinoboff
    Okay, I got this working in the end with the following js in sslcontrollerhelper.js.

    jQuery(document).ready(function($)
    {
    // The following getJSON snippet is based on the AnonymizeURLs Plugin js snippet.

    var WebRoot = '';
    // Get the protocol and WebRoot for the current controller via an ajax call
    // "/plugin/getwebroot" maps to magic method "PluginController_GetWebRoot_Create"
    $.getJSON("/plugin/getwebroot", function (json)
    {
    WebRoot = json.WebRoot;
    });

    // Open href in a normal popup window or the current window
    SSLPopup = function()
    {
    var UsePopups = definition('UsePopups', 0);
    var href = $(this).attr('href');
    if(UsePopups)
    {
    // TODO: Window sizing/positioning etc
    window.open(href, 'popup', 'height=500,width=400,toolbar=0,scrollbars=1,resizable=1').focus();
    }
    else
    window.location = href;
    return false;
    }

    // Override Ajax popups
    $('a.Popup').click(SSLPopup);
    $('a.Popdown').click(SSLPopup);
    $('a.SignInPopup').click(SSLPopup);
    });

    At the moment I don't have a nice way to resize the popup depending on page content etc, and the sign up page does not have a liquid width so it won't fit inside a thinner popup window. As a result I have set the default for UsePopups to be FALSE. This means if you enable this plugin all your popup links (class Popup, Popdown & SignInPopup) will open their links in the current window by default. Current setups will work without any html/css class adjustments. Also opening in the current window actually looks better then having a non-ajax popup in my opinion.

    Should be a viable plugin now to add to the add ons? What do you think? Only thing is users will still need some of the latest core files as stated in the plugin comment.

    I'm going to commit the latest changes to github shortly.
    http://github.com/derekdon/GardenPlugins
  • Changes committed!
  • Plugin added: http://vanillaforums.org/addon/514/sslcontrollers

    Once people start using it and providing feedback we may learn of a better way to handle the popup problem.
  • I only have acces to SSL by using another domain:
    I have to use https://www.ssl-id.de/forum.xxxxx.de/ instead of http://forum.xxxxx.de/
    Can I just enter the https://www.ssl-id.de/ -part somewhere in the default.php of the plugin to make it work?

    thanks!
  • Or maybe this could work by a mixture of the plugin and .htaccess?
  • @basb - What is the value of $Configuration['Garden']['Domain'] in your /conf/config.php file?
  • @derekdon - $Configuration['Garden']['Domain'] = 'forum.xxxxxt.de/';
Sign In or Register to comment.