From d50f9bc700a8e9b552845246e2a9a222023a2a09 Mon Sep 17 00:00:00 2001 From: Jason Etheridge Date: Tue, 26 Jul 2011 10:33:13 -0400 Subject: [PATCH] Load embedded OPAC via SSL by default, w/ override option * url_prefix option for using/forcing SSL. * oils.secure_opac preference for doing such with the embedded OPAC -------- To use the preference, you may want to include something like this in server/skin/custom.js: // Force non-SSL for the OPAC try { netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); var prefs = Components.classes['@mozilla.org/preferences-service;1'].getService(Components.interfaces['nsIPrefBranch']); if (!prefs.prefHasUserValue('oils.secure_opac')) { prefs.setBoolPref('oils.secure_opac',false); } } catch(E) { alert('Error in custom.js trying to set oils.secure_opac preference to false: ' + E + '\n'); } Signed-off-by: Jason Etheridge Signed-off-by: Bill Erickson --- Open-ILS/xul/staff_client/chrome/content/cat/opac.js | 14 +++++++++++++- Open-ILS/xul/staff_client/chrome/content/main/menu.js | 16 +++++++++++++--- .../xul/staff_client/chrome/content/util/browser.js | 2 +- Open-ILS/xul/staff_client/server/cat/spine_labels.js | 2 +- Open-ILS/xul/staff_client/server/patron/display.js | 18 +++++++++--------- 5 files changed, 37 insertions(+), 15 deletions(-) diff --git a/Open-ILS/xul/staff_client/chrome/content/cat/opac.js b/Open-ILS/xul/staff_client/chrome/content/cat/opac.js index 92a1ad5812..e56226a3a3 100644 --- a/Open-ILS/xul/staff_client/chrome/content/cat/opac.js +++ b/Open-ILS/xul/staff_client/chrome/content/cat/opac.js @@ -521,7 +521,19 @@ function set_opac() { content_params.set_help_context = xulG.set_help_context; content_params.get_barcode = xulG.get_barcode; - if (opac_url) { content_params.url = opac_url; } else { content_params.url = xulG.url_prefix( urls.browser ); } + var secure_opac = true; // default to secure + netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect"); + var prefs = Components.classes['@mozilla.org/preferences-service;1'].getService(Components.interfaces['nsIPrefBranch']); + if (prefs.prefHasUserValue('oils.secure_opac')) { + secure_opac = prefs.getBoolPref('oils.secure_opac'); + } + dump('secure_opac = ' + secure_opac + '\n'); + + if (opac_url) { + content_params.url = xulG.url_prefix( opac_url, secure_opac ); + } else { + content_params.url = xulG.url_prefix( urls.browser, secure_opac ); + } browser_frame = bottom_pane.set_iframe( xulG.url_prefix(urls.XUL_BROWSER) + '?name=Catalog', {}, content_params); /* // Remember to use the REMOTE_BROWSER if we ever try to move this to remote xul again browser_frame = bottom_pane.set_iframe( xulG.url_prefix(urls.XUL_REMOTE_BROWSER) + '?name=Catalog', {}, content_params); diff --git a/Open-ILS/xul/staff_client/chrome/content/main/menu.js b/Open-ILS/xul/staff_client/chrome/content/main/menu.js index 5420b7ee6a..8921eb68d5 100644 --- a/Open-ILS/xul/staff_client/chrome/content/main/menu.js +++ b/Open-ILS/xul/staff_client/chrome/content/main/menu.js @@ -38,9 +38,19 @@ main.menu.prototype = { 'toolbar_mode' : 'both', 'toolbar_labelpos' : 'side', - 'url_prefix' : function(url) { + 'url_prefix' : function(url,secure) { + // if host unspecified URL with leading /, prefix the remote hostname if (url.match(/^\//)) url = urls.remote + url; - if (! url.match(/^(http|chrome):\/\//) && ! url.match(/^data:/) ) url = 'http://' + url; + // if it starts with http:// and we want secure, convert to https:// + if (secure && url.match(/^http:\/\//)) { + url = url.replace(/^http:\/\//, 'https://'); + } + // if it doesn't start with a known protocol, add http(s):// + if (! url.match(/^(http|https|chrome):\/\//) && ! url.match(/^data:/) ) { + url = secure + ? 'https://' + url + : 'http://' + url; + } dump('url_prefix = ' + url + '\n'); return url; }, @@ -2081,7 +2091,7 @@ commands: content_params.set_tab_name = function(name) { tab.label = tab.curindex + ' ' + name; tab.origlabel = name; }; content_params.set_help_context = function(params) { return obj.set_help_context(params); }; content_params.open_chrome_window = function(a,b,c) { return xulG.window.open(a,b,c); }; - content_params.url_prefix = function(url) { return obj.url_prefix(url); }; + content_params.url_prefix = function(url,secure) { return obj.url_prefix(url,secure); }; content_params.network_meter = obj.network_meter; content_params.page_meter = obj.page_meter; content_params.get_barcode = obj.get_barcode; diff --git a/Open-ILS/xul/staff_client/chrome/content/util/browser.js b/Open-ILS/xul/staff_client/chrome/content/util/browser.js index 5ae0eb17d3..f0b4cd9fd9 100644 --- a/Open-ILS/xul/staff_client/chrome/content/util/browser.js +++ b/Open-ILS/xul/staff_client/chrome/content/util/browser.js @@ -293,7 +293,7 @@ util.browser.prototype = { if (!cw.xulG.volume_item_creator) { cw.xulG.volume_item_creator = function(a) { return window.xulG.volume_item_creator(a); }; } if (!cw.xulG.get_new_session) { cw.xulG.get_new_session = function(a) { return window.xulG.get_new_session(a); }; } if (!cw.xulG.holdings_maintenance_tab) { cw.xulG.holdings_maintenance_tab = function(a,b,c) { return window.xulG.holdings_maintenance_tab(a,b,c); }; } - if (!cw.xulG.url_prefix) { cw.xulG.url_prefix = function(url) { return window.xulG.url_prefix(url); }; } + if (!cw.xulG.url_prefix) { cw.xulG.url_prefix = function(url,secure) { return window.xulG.url_prefix(url,secure); }; } if (!cw.xulG.urls) { cw.xulG.urls = window.urls; } try { s += ('******** cw = ' + cw + ' cw.xulG = ' + (cw.xulG) + '\n'); } catch(E) { s+=E + '\n'; } obj.error.sdump('D_BROWSER',s); diff --git a/Open-ILS/xul/staff_client/server/cat/spine_labels.js b/Open-ILS/xul/staff_client/server/cat/spine_labels.js index f9936153a3..a59be61014 100644 --- a/Open-ILS/xul/staff_client/server/cat/spine_labels.js +++ b/Open-ILS/xul/staff_client/server/cat/spine_labels.js @@ -596,7 +596,7 @@ var w = win.open( loc, 'spine_preview', 'chrome,resizable,width=750,height=550'); w.xulG = { 'url' : 'about:blank', - 'url_prefix' : function (u) { return xulG.url_prefix(u); }, + 'url_prefix' : function (u,s) { return xulG.url_prefix(u,s); }, 'show_print_button' : 1, 'printer_context' : 'label', 'alternate_print' : 1, diff --git a/Open-ILS/xul/staff_client/server/patron/display.js b/Open-ILS/xul/staff_client/server/patron/display.js index 9e4ebfa532..7aa8b96bbf 100644 --- a/Open-ILS/xul/staff_client/server/patron/display.js +++ b/Open-ILS/xul/staff_client/server/patron/display.js @@ -206,7 +206,7 @@ patron.display.prototype = { obj.summary_window.g.summary.controller.render('patron_bill'); obj.bill_window.g.bills.refresh(true); }, - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } @@ -246,7 +246,7 @@ patron.display.prototype = { 'passthru_content_params' : { 'spawn_search' : spawn_search, 'spawn_editor' : spawn_editor, - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); }, @@ -291,7 +291,7 @@ patron.display.prototype = { }, 'spawn_search' : spawn_search, 'spawn_editor' : spawn_editor, - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } @@ -318,7 +318,7 @@ patron.display.prototype = { {}, { 'patron_id' : obj.patron.id(), - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } @@ -346,7 +346,7 @@ patron.display.prototype = { {}, { 'patron_id' : obj.patron.id(), - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } @@ -362,7 +362,7 @@ patron.display.prototype = { {}, { 'patron_id' : obj.patron.id(), - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } @@ -465,7 +465,7 @@ patron.display.prototype = { alert(E); } }, - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } @@ -488,7 +488,7 @@ patron.display.prototype = { { 'display_window' : window, 'patron_id' : obj.patron.id(), - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'on_money_change' : function(b) { @@ -991,7 +991,7 @@ patron.display.prototype = { {}, { 'patron_id' : obj.patron.id(), - 'url_prefix' : function(url) { return xulG.url_prefix(url); }, + 'url_prefix' : function(url,secure) { return xulG.url_prefix(url,secure); }, 'get_new_session' : function(a) { return xulG.get_new_session(a); }, 'new_tab' : function(a,b,c) { return xulG.new_tab(a,b,c); }, 'new_patron_tab' : function(a,b) { return xulG.new_patron_tab(a,b); } -- 2.11.0