EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #01337


< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First

[EP-tech] Re: Infinite redirect on staffonly document


Okay, so redirecting to the https version of the document works. The patch for 3.3.6 is 

*** Rewrite.pm.20121126 2012-11-26 13:29:09.362766562 +0000
--- Rewrite.pm  2012-11-28 08:54:13.392769980 +0000
***************
*** 434,439 ****
--- 434,452 ----
                                return NOT_FOUND;
                        }

+                       # jjh, 26th november 2012, staffonly documents should be redirected to https if the server has https...
+                       # redirect secure stuff
+                       if( $repository->config( "securehost" ) && !$secure && !$doc->is_public() )
+                       {
+                           my $https_redirect = $repository->current_url(
+                               scheme => "https",
+                               host => 1,
+                               path => "static",
+                               "$eprintid/$pos$uri" ) . $args;
+                           return redir( $r, $https_redirect );
+                       }
+                       # ...end
+
                        if( !length($uri) )
                        {
                                return redir( $r, "$urlpath/$eprintid/$pos/$args" );

Thanks,

Jon

-----Original Message-----

Message: 1
Date: Thu, 15 Nov 2012 12:00:09 +0000
From: Jon Hallett <Jon.Hallett@uwe.ac.uk>
Subject: [EP-tech]  Infinite redirect on staffonly document
To: "'eprints-tech@ecs.soton.ac.uk' (eprints-tech@ecs.soton.ac.uk)"
	<eprints-tech@ecs.soton.ac.uk>
Message-ID:
	<361D6B1A2B6D194081955E94772543F288E040A614@EGEN-MBX01.campus.ads.uwe.ac.uk>
	
Content-Type: text/plain; charset="us-ascii"

Another problem related to http://www.eprints.org/tech.php/16874.html and http://www.eprints.org/tech.php/16546.html.

As before, this affects an EPrints instance which uses different domains for http and https (http://researchdata.uwe.ac.uk/ and https://eprints.uwe.ac.uk/datasecure/).

This time the problem is that we have a document restricted to repository staff which is inaccessible from its abstract page. Clicking on the document's link causes EPrints to issue an infinite series of redirects.

I'm guessing that the root cause is that the document link is http://researchdata.uwe.ac.uk/85/1/Lorem%20ipsum.pdf, but the login process happens on https://eprints.uwe.ac.uk/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F85%2F1%2FLorem%2520ipsum.pdf, so researchdata.uwe.ac.uk never sees the user cookies. https://eprints.uwe.ac.uk/datasecure/85/1/Lorem%20ipsum.pdf works as expected.

Anyway, is the fix to redirect secure documents to their https URLs, as is already done in Rewrite.pm for secure CGI directories?

Thanks,

Jon