Bug #63416
closed
ExtDirectApi.php doesn't switch to https
0%
Description
Using TYPO3 version 6.2.7
My server is behind a proxy that handle SSL/HTTPS. Communication from Proxy to the actual site isn't under HTTPS.
[BE][lockSSL] = 0
(1 throw error about BE not available under SSL, 2 and 3 gives ERR_TOO_MANY_REDIRECTS)
If I call my BE like this: https://www.mysite.com/typo3/ the BE is ok except for the Pagetree. Using "inspect element" in Chrome, I got this error:
[blocked] The page at 'https://www.mysite.com/typo3/backend.php' was loaded over HTTPS, but ran insecure content from 'http://www.mysite.com/typo3/ajax.php?ajaxID=ExtDirect::route&namespace=TYPO3.Components.PageTree': this content should also be loaded over HTTPS.
Manually modifying /typo3/sysext/core/Classes/ExtDirect/ExtDirectApi.php around line 138 by hardcoding my site beginning with https make it works :
- Doesn't work, use http: $url = \TYPO3\CMS\Core\Utility\GeneralUtility::locationHeaderUrl(\TYPO3\CMS\Core\Utility\GeneralUtility::getIndpEnv('TYPO3_SITE_URL') . TYPO3_mainDir . 'ajax.php?ajaxID=ExtDirect::route&namespace=');
- Works by hardcoding : $url = 'https://www.mysite.com/' . TYPO3_mainDir . 'ajax.php?ajaxID=ExtDirect::route&namespace=';
Is this a bug or there's a way to make sure getIndpEnv('TYPO3_SITE_URL') will keep the site under https ?
Updated by Patrick Gaumond almost 10 years ago
Can be closed / deleted.
Misconfiguration on our side of [SYS][reverseProxyIP].
Sorry.
Updated by Riccardo De Contardi over 9 years ago
- Description updated (diff)
- Status changed from New to Closed
Updated by Grégory Duchesnes about 9 years ago
It is not that obvious. Behind a load-balancer without proxy $_SERVER['HTTPS'] is not always available.
Therefore, TYPO3_SSL Env variable is set to false and the BE fails miserably.
Same problem occurs to some drupal installs : https://www.drupal.org/node/797326
needs a fix