Index: openacs-4/packages/acs-kernel/acs-kernel.info
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-kernel/acs-kernel.info,v
diff -u -r1.80.2.22 -r1.80.2.23
--- openacs-4/packages/acs-kernel/acs-kernel.info 20 Nov 2006 20:00:11 -0000 1.80.2.22
+++ openacs-4/packages/acs-kernel/acs-kernel.info 21 Nov 2006 13:21:41 -0000 1.80.2.23
@@ -75,7 +75,6 @@
-
Index: openacs-4/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.38.2.1 -r1.38.2.2
--- openacs-4/packages/acs-tcl/tcl/security-procs.tcl 20 Nov 2006 20:00:13 -0000 1.38.2.1
+++ openacs-4/packages/acs-tcl/tcl/security-procs.tcl 21 Nov 2006 13:22:00 -0000 1.38.2.2
@@ -476,15 +476,15 @@
behind a SSL proxy. If so, all connections from the SSL proxy to
the server use the HTTP protocol but HTTPS requests to the SSL
proxy have an additional header. These HTTPS requests can be
- identified by the header 'X-SSL-Request' with value 'true'.
+ identified by the header 'X-SSL-Request' with value '1'.
Supports reverse proxies. See kernel parameter UseReverseProxyP
@see security::secure_conn_p
} {
if {[ad_parameter -package_id [ad_acs_kernel_id] UseReverseProxyP security 0]} {
- return [expr [string match "https:*" [ad_conn location]] || [string equal "true" [ns_set get [ad_conn headers] X-SSL-Request]]]
+ return [expr [string match "https:*" [ad_conn location]] || [string equal [ns_set get [ad_conn headers] X-SSL-Request] 1]]
} else {
return [security::secure_conn_p]
}
@@ -1340,7 +1340,7 @@
return [expr ![empty_string_p [get_https_port]]]
}
-ad_proc -public security::secure_conn_p {} {
+ad_proc -public security::secure_conn_p {
Returns true if the connection [ad_conn] is secure (HTTPS), or false otherwise.
} {
if {[string equal [ns_set get [ns_conn headers] "X-SSL-Request"] 1]} {
@@ -1506,11 +1506,8 @@
set secure_location $current_location
} else {
# Current location is insecure - get location from config file
- if {[ad_parameter -package_id [ad_acs_kernel_id] UseReverseProxyP security 0]} {
set secure_location $current_location
- } else {
- set secure_location [ad_conn location]
- }
+
# Prefix with https
regsub {^(?:http://)?} $secure_location {https://} secure_location
Index: openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl,v
diff -u -r1.83.2.7 -r1.83.2.8
--- openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 6 Jul 2006 11:32:57 -0000 1.83.2.7
+++ openacs-4/packages/acs-tcl/tcl/utilities-procs.tcl 21 Nov 2006 13:22:00 -0000 1.83.2.8
@@ -2366,7 +2366,8 @@
set hostname $location_hostname
} else {
set hostname $Host_hostname
- if { ![empty_string_p $Host_port] } {
+ if {!([string equal [ns_set get [ns_conn headers] "X-SSL-Request"] 1] &&
+ [string equal $Host_port $default_port(https)])} {
set port $Host_port
}
}