Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v diff -u -r1.38.2.2 -r1.38.2.3 --- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 21 Nov 2006 13:22:00 -0000 1.38.2.2 +++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 21 Nov 2006 14:10:38 -0000 1.38.2.3 @@ -470,27 +470,14 @@ ad_set_signed_cookie -secure t "ad_secure_token" "[ad_conn session_id],[ad_conn user_id],[ns_time]" } -ad_proc -public ad_secure_conn_p {} { - Returns true if the connection [ad_conn] is secure (HTTPS), or - false otherwise. Takes into account that the web server might be - behind a SSL proxy. If so, all connections from the SSL proxy to - the server use the HTTP protocol but HTTPS requests to the SSL - proxy have an additional header. These HTTPS requests can be - identified by the header 'X-SSL-Request' with value '1'. - - Supports reverse proxies. See kernel parameter UseReverseProxyP +ad_proc -public -deprecated -warn ad_secure_conn_p {} { + Use security::secure_conn_p instead. - @see security::secure_conn_p + @see security::secure_conn_p } { - - if {[ad_parameter -package_id [ad_acs_kernel_id] UseReverseProxyP security 0]} { - return [expr [string match "https:*" [ad_conn location]] || [string equal [ns_set get [ad_conn headers] X-SSL-Request] 1]] - } else { - return [security::secure_conn_p] - } + return [security::secure_conn_p] } - ad_proc -private sec_allocate_session {} { Returns a new session id @@ -1340,14 +1327,10 @@ return [expr ![empty_string_p [get_https_port]]] } -ad_proc -public security::secure_conn_p { +ad_proc -public security::secure_conn_p {} { Returns true if the connection [ad_conn] is secure (HTTPS), or false otherwise. } { - if {[string equal [ns_set get [ns_conn headers] "X-SSL-Request"] 1]} { - return 1 - } else { - return [string match "https:*" [util_current_location]] - } + return [string match "https:*" [util_current_location]] } ad_proc -public security::RestrictLoginToSSLP {} { @@ -1506,8 +1489,7 @@ set secure_location $current_location } else { # Current location is insecure - get location from config file - set secure_location $current_location - + set secure_location [ad_conn location] # Prefix with https regsub {^(?:http://)?} $secure_location {https://} secure_location Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl =================================================================== RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v diff -u -r1.83.2.8 -r1.83.2.9 --- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 21 Nov 2006 13:22:00 -0000 1.83.2.8 +++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 21 Nov 2006 14:10:38 -0000 1.83.2.9 @@ -2366,10 +2366,9 @@ set hostname $location_hostname } else { set hostname $Host_hostname - if {!([string equal [ns_set get [ns_conn headers] "X-SSL-Request"] 1] && - [string equal $Host_port $default_port(https)])} { + if { ![empty_string_p $Host_port] } { set port $Host_port - } + } } if { ![empty_string_p $port] && ![string equal $port $default_port($proto)] } {