LP88653 force SSL for requests from local XUL
authorJason Etheridge <jason@esilibrary.com>
Thu, 10 Nov 2011 17:55:32 +0000 (12:55 -0500)
committerDan Wells <dbw2@calvin.edu>
Fri, 11 Nov 2011 19:23:02 +0000 (14:23 -0500)
Modifies RemoteRequest.js to convert any http:// request URL to https:// if the
requesting location has a chrome:// protocol.

Modifies util/network.js such that any use of util.network.request (as opposed
to util.network.simple_request) will assume "secure" for the resulting request.

Adds an example to the bottom of eg_vhost.conf for forcing SSL for an entire
site (OPAC and everything), courtesy of Dan Wells.

Signed-off-by: Jason Etheridge <jason@esilibrary.com>
Signed-off-by: Dan Wells <dbw2@calvin.edu>
Open-ILS/examples/apache/eg_vhost.conf
Open-ILS/web/opac/common/js/RemoteRequest.js
Open-ILS/xul/staff_client/chrome/content/util/network.js

index fdcc0ff..cf593ed 100644 (file)
@@ -625,3 +625,8 @@ RewriteRule ^/openurl$ ${openurl:%1} [NE,PT]
         </IfModule>
     </IfModule>
 </Location>
+
+# Uncomment the following to force SSL for everything. Note that this defeats caching
+# and you will suffer a performance hit.
+#RewriteCond %{HTTPS} off
+#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [NE,R,L]
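Review bot: The example redirect on the last added line builds its target from `%{HTTP_HOST}`, which comes from the request's Host header, so the redirect destination is whatever hostname the client sent. For a sample that admins will uncomment as-is, a fixed canonical name is safer, e.g. `#RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [NE,R,L]` together with `UseCanonicalName On`, or a literal hostname. The comment could also say that a redirect only protects requests after the first one: the initial plaintext request, including any cookie not marked Secure, has already been sent, so the Secure cookie attribute and a Strict-Transport-Security header are worth mentioning next to it.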
index 125f57a..ae43f11 100644 (file)
@@ -213,7 +213,7 @@ RemoteRequest.prototype.send = function(blocking) {
                        url = 'http://'+XML_HTTP_SERVER+'/'+XML_HTTP_GATEWAY;
 
                if( url.match(/^http:/) && 
-                               (this.secure || location.href.match(/^https:/)) ) {
+                               (this.secure || location.href.match(/^https:/) || location.href.match(/^chrome:/) ) ) {
                        netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserRead");
                        url = url.replace(/^http:/, 'https:');
                }
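Review bot: The upgrade still depends on the case-sensitive test `url.match(/^http:/)`, so a request URL whose scheme is written `HTTP://` would pass through unchanged even from a chrome:// page. Whether `url` can arrive in that form is not visible in this hunk, but using `/^http:/i` in both the test and the `replace` closes the gap cheaply. The widened condition would also read more easily as a single test, `(this.secure || /^(https|chrome):/.test(location.href))`, with a short comment such as `// requests issued from chrome:// (local XUL) pages are always sent over SSL`. `send` begins and continues outside the hunk.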
index 931d174..fc2b5a6 100644 (file)
@@ -81,7 +81,12 @@ util.network.prototype = {
         //obj.error.sdump('D_SES','request '+ app + ' ' + name +' '+obj.error.pretty_print(sparams.slice(1,sparams.length-1))+
         //    '\noverride_params = ' + override_params + '\n_params = ' + _params + '\n');
 
-        try { 
+        try {
+
+            if (typeof _params == 'undefined') {
+                // If we're not using simple_request to get here, let's assume secure by default
+                _params = { 'secure' : true };
+            }
 
             var request =  this._request(app,name,params,f,override_params,_params);
             if (request) {
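Review bot: The secure default in the added `if` applies only when `_params` is omitted entirely; a caller that passes an object without a `secure` key, or passes `null`, still gets a request that is not forced to SSL. If the intent is "secure unless explicitly disabled", `if (_params == null) { _params = {}; }` followed by `if (typeof _params.secure == 'undefined') { _params.secure = true; }` covers those cases, though it would also change callers (possibly simple_request, which is not visible here) that pass `_params` without `secure`. If the narrower behaviour is intended, the comment should say so, e.g. `// Only callers that omit _params get secure by default; an explicit _params object is used as given`. The enclosing method starts and ends outside the hunk.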