Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Live update under SSL produces empty referer error #3538

Closed
issue-bot opened this issue Nov 29, 2011 · 7 comments

Comments

@issue-bot
Copy link
Collaborator

commented Nov 29, 2011

Hi Leo,

I have an install that redirects to SSL with an .htaccess redirect. When I attempt to update via liveupdate, I get the following error:

Empty referer address

This error occurres because your browser does not submit the referer host address. You are probably running a security suite, anonymizer tool or browser toolbar that blocks the referer host address to prevent user tracking. However, the referer host address is required to use the live update service.

Can there be a way to work around this?

Thanks,

Fred

--- Originally created by fbliss on October 11th, 2011, at 07:34pm (ID 3538)

@aschempp

This comment has been minimized.

Copy link
Contributor

commented Nov 29, 2011

I noticed that too. Could it be that the LiveUpdate does not have an SSL certificate and redirects to non-SSL to prevent the error message? Therefore the Referrer might be lost.

--- Originally created on October 12th, 2011, at 09:51am

@leofeyer

This comment has been minimized.

Copy link
Member

commented Nov 29, 2011

Of course, the Live Update server has an SSL certificate.

https://www.inetrobots.com/liveupdate/

Did you adjust the Live Update URL in the back end settings accordingly?

--- Originally created on October 12th, 2011, at 12:02pm

@issue-bot

This comment has been minimized.

Copy link
Collaborator Author

commented Nov 29, 2011

I just tested by updating the URL as you suggest, this works. Can we make this a feature request to simply check our current port and set liveupdate URL to match the protocol?

--- Originally created by fbliss on October 12th, 2011, at 03:57pm

@aschempp

This comment has been minimized.

Copy link
Contributor

commented Nov 29, 2011

How about the URL is entered without protocol, and the current protocol is automatically added when performing the request?

--- Originally created on October 18th, 2011, at 03:36pm

@issue-bot

This comment has been minimized.

Copy link
Collaborator Author

commented Nov 29, 2011

URL without protocol is not an URL anymore.
Who wants the referer? The LiveUpdate-Service-"Server" or the Contao-"Client"? When the Contao is redirecting the HTTP-Client should keep the referer address? Actually you should be able to use the non-SSL LiveUpdate on SSL-protected Systems?

--- Originally created by backbone on October 18th, 2011, at 03:46pm

@ghost

This comment has been minimized.

Copy link

commented Jan 5, 2012

Das kann ich bestätigen, funktioniert nicht bei SSL-Webseite. Lag aber eher an dem Contao webShop, da nicht einzelne Bereiche als SSL abgefertigt werden können wie Anmelden, Warenkorb, Bestellprozess etc. Deshalb musste die gesamte Seite als SSL laufen. Jedenfalls wäre einen Switch, ob SLL-Live-Update oder nicht ganz sinnvoll, da wir ja bereits in der xml für die Sitemap ebenfalls solche Konfig festlegen können. Und wer ein SSL-Zertifikat jat, der kann ja auch sein Backend damit aufrufen, schließlich ist das ja nicht billig.

leofeyer added a commit that referenced this issue Jan 5, 2012
@leofeyer

This comment has been minimized.

Copy link
Member

commented Jan 5, 2012

Implemented in 9cd03ac.

@leofeyer leofeyer closed this Jan 5, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.