From: erickson <erickson@dcc99617-32d9-48b4-a31d-7c20da2025e4>
Date: Wed, 7 Jul 2010 13:46:37 +0000 (+0000)
Subject: added OPAC support for 1) selecting SSL manually and having it stick and 2) forcing... 
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=15d9753e482228406cb6064cb62b1fa6ce2688c3;p=evergreen%2Fbjwebb.git

added OPAC support for 1) selecting SSL manually and having it stick and 2) forcing SSL when the user is logged in to protect auth tokens and other private data.  The latter option is enabled via new apache env variable

git-svn-id: svn://svn.open-ils.org/ILS/trunk@16865 dcc99617-32d9-48b4-a31d-7c20da2025e4
---

diff --git a/Open-ILS/examples/apache/eg_vhost.conf b/Open-ILS/examples/apache/eg_vhost.conf
index 1f3c6b833..0277671ea 100644
--- a/Open-ILS/examples/apache/eg_vhost.conf
+++ b/Open-ILS/examples/apache/eg_vhost.conf
@@ -105,6 +105,11 @@ RewriteRule - - [E=locale:%1] [L]
 
     # Specify the initial script URL for Novelist (containing account credentials, etc.)
     #SetEnv OILS_NOVELIST_URL
+    
+
+    # Uncomment to force SSL any time a patron is logged in.  This protects 
+    # authentication tokens.  Left commented out for backwards compat for now.
+    #SetEnv OILS_OPAC_FORCE_LOGIN_SSL 1
 
 </LocationMatch>
 
diff --git a/Open-ILS/web/opac/common/js/opac_utils.js b/Open-ILS/web/opac/common/js/opac_utils.js
index 2e09b66e3..09163e68d 100644
--- a/Open-ILS/web/opac/common/js/opac_utils.js
+++ b/Open-ILS/web/opac/common/js/opac_utils.js
@@ -329,11 +329,18 @@ function _debug(str) {
 	*/
 }
 
+var forceLoginSSL; // set via Apache env variable
 function  buildOPACLink(args, slim, ssl) {
 
 	if(!args) args = {};
 	var string = "";
 
+    if( ssl == undefined && (
+            location.protocol == 'https:' ||
+            (forceLoginSSL && G.user && G.user.session))) {
+        ssl = true;
+    }
+
 	if(!slim) {
 		string = findBaseURL(ssl);
 		if(args.page) string += config.page[args.page];
@@ -799,7 +806,7 @@ function doLogout() {
 	
 	var nored = false;
 	try{ if(isFrontPage) nored = true; } catch(e){nored = false;}
-	if(!nored) goTo(buildOPACLink(args));
+	if(!nored) goTo(buildOPACLink(args, false, false));
 }
 
 
diff --git a/Open-ILS/web/opac/skin/default/xml/common/js_common.xml b/Open-ILS/web/opac/skin/default/xml/common/js_common.xml
index fa2011612..af0b79723 100644
--- a/Open-ILS/web/opac/skin/default/xml/common/js_common.xml
+++ b/Open-ILS/web/opac/skin/default/xml/common/js_common.xml
@@ -41,6 +41,10 @@
 			getId("home_adv_search_link").setAttribute("href", buildOPACLink({page:ADVANCED})); 
 			getId("home_myopac_link").setAttribute("href", buildOPACLink({page:MYOPAC}, false, true));
 		}
+
+        <!--#if expr="$OILS_OPAC_FORCE_LOGIN_SSL"-->
+            forceLoginSSL = true;
+        <!--#endif -->
 	</script>
 
 	<!-- enable Dojo date picker -->