Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fixes to the automatic HTTPS redirector. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | https-all-pages-option |
Files: | files | file ages | folders |
SHA3-256: |
14ff7af42ece5597d604c381e27bb458 |
User & Date: | drh 2019-01-21 18:05:34.469 |
Context
2019-01-21
| ||
18:27 | The --nossl option is on by default for the "fossil ui" command. ... (Closed-Leaf check-in: 9ae6f866 user: drh tags: https-all-pages-option) | |
18:05 | Fixes to the automatic HTTPS redirector. ... (check-in: 14ff7af4 user: drh tags: https-all-pages-option) | |
17:33 | Provide the option to force all web page requests to go over HTTPS. ... (check-in: f372e189 user: drh tags: https-all-pages-option) | |
Changes
Changes to src/cgi.c.
︙ | ︙ | |||
352 353 354 355 356 357 358 | } /* ** Do a redirect request to the URL given in the argument. ** ** The URL must be relative to the base of the fossil server. */ | | | 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 | } /* ** Do a redirect request to the URL given in the argument. ** ** The URL must be relative to the base of the fossil server. */ NORETURN void cgi_redirect_with_status( const char *zURL, int iStat, const char *zStat ){ char *zLocation; CGIDEBUG(("redirect to %s\n", zURL)); if( strncmp(zURL,"http:",5)==0 || strncmp(zURL,"https:",6)==0 ){ |
︙ | ︙ |
Changes to src/main.c.
︙ | ︙ | |||
1353 1354 1355 1356 1357 1358 1359 | } /* ** Redirect to the equivalent HTTPS request if the current connection is ** insecure and if the redirect-to-https flag greater than or equal to ** iLevel. iLevel is 1 for /login pages and 2 for every other page. */ | | > > | | | | | > > | 1353 1354 1355 1356 1357 1358 1359 1360 1361 1362 1363 1364 1365 1366 1367 1368 1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381 1382 1383 1384 1385 1386 1387 1388 1389 1390 1391 1392 1393 1394 | } /* ** Redirect to the equivalent HTTPS request if the current connection is ** insecure and if the redirect-to-https flag greater than or equal to ** iLevel. iLevel is 1 for /login pages and 2 for every other page. */ int fossil_redirect_to_https_if_needed(int iLevel){ if( fossil_wants_https(iLevel) ){ const char *zQS = P("QUERY_STRING"); char *zURL; if( P("redir")!=0 ){ style_header("Insecure Connection"); @ <h1>Unable To Establish An Encrypted Connection</h1> @ <p>This website requires an encrypted connection. @ The current connection is not encrypted @ across the entire route between your browser and the server. @ An attempt was made to redirect to %h(g.zHttpsURL) but @ the connection is still insecure even after the redirect.</p> @ <p>This is probably some kind of configuration problem. Please @ contact your sysadmin.</p> @ <p>Sorry it did not work out.</p> style_footer(); cgi_reply(); return 1; } if( zQS==0 || zQS[0]==0 ){ zURL = mprintf("%s%T?redir=1", g.zHttpsURL, P("PATH_INFO")); }else if( zQS[0]!=0 ){ zURL = mprintf("%s%T?%s&redir=1", g.zHttpsURL, P("PATH_INFO"), zQS); } cgi_redirect_with_status(zURL, 301, "Moved Permanently"); return 1; } return 0; } /* ** Preconditions: ** ** * Environment variables are set up according to the CGI standard. ** |
︙ | ︙ | |||
1649 1650 1651 1652 1653 1654 1655 | strncmp(g.zContentType, "application/x-fossil", 20)==0 ){ /* Special case: If the content mimetype shows that it is "fossil sync" ** payload, then pretend that the PATH_INFO is /xfer so that we always ** invoke the sync page. */ zPathInfo = "/xfer"; } | < < < < < < > | 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 | strncmp(g.zContentType, "application/x-fossil", 20)==0 ){ /* Special case: If the content mimetype shows that it is "fossil sync" ** payload, then pretend that the PATH_INFO is /xfer so that we always ** invoke the sync page. */ zPathInfo = "/xfer"; } /* Use the first element of PATH_INFO as the page name ** and deliver the appropriate page back to the user. */ set_base_url(0); if( fossil_redirect_to_https_if_needed(2) ) return; if( zPathInfo==0 || zPathInfo[0]==0 || (zPathInfo[0]=='/' && zPathInfo[1]==0) ){ /* Second special case: If the PATH_INFO is blank, issue a redirect to ** the home page identified by the "index-page" setting in the repository ** CONFIG table, to "/index" if there no "index-page" setting. */ #ifdef FOSSIL_ENABLE_JSON if(g.json.isJsonMode){ |
︙ | ︙ |