EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #06891
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
Re: [EP-tech] Any issues under SSL?
- To: eprints-tech@ecs.soton.ac.uk
- Subject: Re: [EP-tech] Any issues under SSL?
- From: David R Newman <drn@ecs.soton.ac.uk>
- Date: Thu, 19 Oct 2017 16:47:05 +0100
Hi Alan, I believe this is now fixed in the latest GitHub commit for https://git hub.com/eprints/eprints I raised this as an issue https://github.com/e prints/eprints/issues/466 John: I wanted to be careful not to change anything other than the img element src URLs, as I was unsure whether changing the URI for an EPM from http://bazaar.eprints.org/... to https might cause problems. So my fix literally on modifies these URLs to https and only when the original request for the Admin::EPM Screen plugin was over https. Regards David Newman On Thu, 2017-10-19 at 10:55 +0000, Alan.Stiles wrote: > Thanks David / John, > I can see that the verb image URIs are stored in the epmi files for > the plugins I have installed. I’m guessing the available-tab verb- > entries are getting that URIvalue from the bazaar during the ajax > call? > I’ve already tried changing the source URI in cfg.d/epm.pl to use > https > I suppose one option would be to amend the render function for the > EPM to replace the protocol with the value from the current view (or > just https as it’s available?) > > Alan > > > From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounc > es@ecs.soton.ac.uk] On Behalf Of John Salter > Sent: 19 October 2017 09:38 > To: eprints-tech@ecs.soton.ac.uk > Subject: Re: [EP-tech] Any issues under SSL? > > I've seen this too. > I wonder whether updating > [EPRINTS_ROOT]/archives/[ARCHIVEID]/cfg/cfg.d/epm.pl to set the base > URL of the Bazaar to be https would help? > > On a related note, EPrints 3.3.10, over https, the fileicons are > served over http (EPrints::DataObj::Document::icon_url check for > $session->{preparing_static_page}, and uses http_url to construct the > URL). > > One way to resolve this is to unset $c->{host}, and just have $c- > >{securehost} set - but I'm not sure if this introduces other issues. > > Anyone else got a better resolution for this? (I know issuing an HSTS > header would solve it in practical terms, but I'd like EPrint to emit > the right URL anyway). > > Cheers, > John > > From: eprints-tech-bounces@ecs.soton.ac.uk [mailto:eprints-tech-bounc > es@ecs.soton.ac.uk] On Behalf Of David R Newman > Sent: 19 October 2017 09:12 > To: eprints-tech@ecs.soton.ac.uk > Subject: Re: [EP-tech] Any issues under SSL? > > Hi Alan, > Yes, I see this issue to when I click on the Available tab and it > loads things through from the Bazaar. bazaar.eprints.org is fully > SSL enabled, so it should be possible to fix a file somewhere on your > local repository. I am not sure which file yet. However, when I do > I will get back to you and also submit a patch so other can fix > this. It looks like it is probably a one liner. > Regards > David Newman > EPrints Services > On 19/10/2017 08:54, Alan.Stiles wrote: > Hi all, > For anyone running under SSL, do you have any errors flagged about > mixed content when using the bazaar? My test setup complains that > the verb images (e.g. ‘One-click Install’ or ‘for data’) are all > coming from http://bazaar.eprints.org. Have you implemented a local > fix or just ignore it as it only really affects you? > > Thanks, > Alan > -- The Open University is incorporated by Royal Charter (RC 000391), > an exempt charity in England & Wales and a charity registered in > Scotland (SC 038302). The Open University is authorised and regulated > by the Financial Conduct Authority in relation to its secondary > activity of credit broking. > > > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints- > tech > *** Archive: http://www.eprints.org/tech.php/ > *** EPrints community wiki: http://wiki.eprints.org/ > *** EPrints developers Forum: http://forum.eprints.org/ > > *** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints- > tech > *** Archive: http://www.eprints.org/tech.php/ > *** EPrints community wiki: http://wiki.eprints.org/ > *** EPrints developers Forum: http://forum.eprints.org/
- References:
- [EP-tech] Any issues under SSL?
- From: "Alan.Stiles" <alan.stiles@open.ac.uk>
- Re: [EP-tech] Any issues under SSL?
- From: David R Newman <drn@ecs.soton.ac.uk>
- Re: [EP-tech] Any issues under SSL?
- From: John Salter <J.Salter@leeds.ac.uk>
- Re: [EP-tech] Any issues under SSL?
- From: "Alan.Stiles" <alan.stiles@open.ac.uk>
- [EP-tech] Any issues under SSL?
- Prev by Date: Re: [EP-tech] Any issues under SSL?
- Next by Date: Re: [EP-tech] Issue installing IRStats
- Previous by thread: Re: [EP-tech] Any issues under SSL?
- Next by thread: [EP-tech] Issue installing IRStats
- Index(es):