Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fixes to the automatic HTTPS redirector. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | https-all-pages-option |
Files: | files | file ages | folders |
SHA3-256: |
14ff7af42ece5597d604c381e27bb458 |
User & Date: | drh 2019-01-21 18:05:34 |
Context
2019-01-21
| ||
18:27 | The --nossl option is on by default for the "fossil ui" command. Leaf check-in: 9ae6f866 user: drh tags: https-all-pages-option | |
18:05 | Fixes to the automatic HTTPS redirector. check-in: 14ff7af4 user: drh tags: https-all-pages-option | |
17:33 | Provide the option to force all web page requests to go over HTTPS. check-in: f372e189 user: drh tags: https-all-pages-option | |
Changes
Changes to src/cgi.c.
352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 |
}
/*
** Do a redirect request to the URL given in the argument.
**
** The URL must be relative to the base of the fossil server.
*/
NORETURN static void cgi_redirect_with_status(
const char *zURL,
int iStat,
const char *zStat
){
char *zLocation;
CGIDEBUG(("redirect to %s\n", zURL));
if( strncmp(zURL,"http:",5)==0 || strncmp(zURL,"https:",6)==0 ){
|
| |
352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 |
} /* ** Do a redirect request to the URL given in the argument. ** ** The URL must be relative to the base of the fossil server. */ NORETURN void cgi_redirect_with_status( const char *zURL, int iStat, const char *zStat ){ char *zLocation; CGIDEBUG(("redirect to %s\n", zURL)); if( strncmp(zURL,"http:",5)==0 || strncmp(zURL,"https:",6)==0 ){ |
Changes to src/main.c.
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
....
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
|
} /* ** Redirect to the equivalent HTTPS request if the current connection is ** insecure and if the redirect-to-https flag greater than or equal to ** iLevel. iLevel is 1 for /login pages and 2 for every other page. */ void fossil_redirect_to_https_if_needed(int iLevel){ if( fossil_wants_https(iLevel) ){ const char *zQS = P("QUERY_STRING"); if( P("redir")!=0 ){ style_header("Insecure Connection"); @ <h1>Unable To Establish An Encrypted Connection</h1> @ <p>This website requires an encrypted connection. @ The current connection is not encrypted @ across the entire route between your browser and the server. @ An attempt was made to redirect to %h(g.zHttpsURL) but @ the connection is still insecure even after the redirect.</p> @ <p>This is probably some kind of configuration problem. Please @ contact your sysadmin.</p> @ <p>Sorry it did not work out.</p> style_footer(); return; } if( zQS==0 ){ zQS = "?redir=1"; }else if( zQS[0]!=0 ){ zQS = mprintf("?%s&redir=1", zQS); } cgi_redirectf("%s%T%s", g.zHttpsURL, P("PATH_INFO"), zQS); } } /* ** Preconditions: ** ** * Environment variables are set up according to the CGI standard. ** ................................................................................ strncmp(g.zContentType, "application/x-fossil", 20)==0 ){ /* Special case: If the content mimetype shows that it is "fossil sync" ** payload, then pretend that the PATH_INFO is /xfer so that we always ** invoke the sync page. */ zPathInfo = "/xfer"; } /* If the inbound request is unencrypted and if the redirect-to-https ** setting is 2 or more, then immediately redirect the equivalent HTTPS ** URI. */ fossil_redirect_to_https_if_needed(2); /* Use the first element of PATH_INFO as the page name ** and deliver the appropriate page back to the user. */ set_base_url(0); if( zPathInfo==0 || zPathInfo[0]==0 || (zPathInfo[0]=='/' && zPathInfo[1]==0) ){ /* Second special case: If the PATH_INFO is blank, issue a redirect to ** the home page identified by the "index-page" setting in the repository ** CONFIG table, to "/index" if there no "index-page" setting. */ #ifdef FOSSIL_ENABLE_JSON if(g.json.isJsonMode){ |
|
>
>
|
|
<
>
<
>
<
>
>
>
<
<
<
<
<
<
>
|
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
....
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
|
} /* ** Redirect to the equivalent HTTPS request if the current connection is ** insecure and if the redirect-to-https flag greater than or equal to ** iLevel. iLevel is 1 for /login pages and 2 for every other page. */ int fossil_redirect_to_https_if_needed(int iLevel){ if( fossil_wants_https(iLevel) ){ const char *zQS = P("QUERY_STRING"); char *zURL; if( P("redir")!=0 ){ style_header("Insecure Connection"); @ <h1>Unable To Establish An Encrypted Connection</h1> @ <p>This website requires an encrypted connection. @ The current connection is not encrypted @ across the entire route between your browser and the server. @ An attempt was made to redirect to %h(g.zHttpsURL) but @ the connection is still insecure even after the redirect.</p> @ <p>This is probably some kind of configuration problem. Please @ contact your sysadmin.</p> @ <p>Sorry it did not work out.</p> style_footer(); cgi_reply(); return 1; } if( zQS==0 || zQS[0]==0 ){ zURL = mprintf("%s%T?redir=1", g.zHttpsURL, P("PATH_INFO")); }else if( zQS[0]!=0 ){ zURL = mprintf("%s%T?%s&redir=1", g.zHttpsURL, P("PATH_INFO"), zQS); } cgi_redirect_with_status(zURL, 301, "Moved Permanently"); return 1; } return 0; } /* ** Preconditions: ** ** * Environment variables are set up according to the CGI standard. ** ................................................................................ strncmp(g.zContentType, "application/x-fossil", 20)==0 ){ /* Special case: If the content mimetype shows that it is "fossil sync" ** payload, then pretend that the PATH_INFO is /xfer so that we always ** invoke the sync page. */ zPathInfo = "/xfer"; } /* Use the first element of PATH_INFO as the page name ** and deliver the appropriate page back to the user. */ set_base_url(0); if( fossil_redirect_to_https_if_needed(2) ) return; if( zPathInfo==0 || zPathInfo[0]==0 || (zPathInfo[0]=='/' && zPathInfo[1]==0) ){ /* Second special case: If the PATH_INFO is blank, issue a redirect to ** the home page identified by the "index-page" setting in the repository ** CONFIG table, to "/index" if there no "index-page" setting. */ #ifdef FOSSIL_ENABLE_JSON if(g.json.isJsonMode){ |