Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

site_url preference #469

Closed
jstubbs opened this issue Apr 11, 2015 · 9 comments
Closed

site_url preference #469

jstubbs opened this issue Apr 11, 2015 · 9 comments

Comments

@jstubbs
Copy link

@jstubbs jstubbs commented Apr 11, 2015

As requested in the forum thread below, could we add an option to output a secure link to the site_url tag, perhaps something like: <txp:site_url scheme="https" />

Many thanks.

http://forum.textpattern.com/viewtopic.php?id=42865

@colak
Copy link
Member

@colak colak commented Apr 11, 2015

It would also be good if there was an option for https in the admin side.

@philwareham
Copy link
Member

@philwareham philwareham commented Apr 11, 2015

I'd prefer the attribute to be 'protocol' instead of 'scheme'.

@Bloke
Copy link
Member

@Bloke Bloke commented Apr 11, 2015

Is there any need for this? How many times do you switch protocol during normal site use? If you want to deliver secure links, you normally set this at the end of your config.php file:

define('PROTOCOL', 'https://');

then all URLs in tags return secure protocol prefixes. At least, that's what it's supposed to do. If this doesn't work as expected, then by all means we'll look into alternatives.

@jstubbs
Copy link
Author

@jstubbs jstubbs commented Apr 11, 2015

@Bloke I believe so. In my case, I would like to send users to a secure page for registrations rather than have an overall site based on https://.

@Bloke
Copy link
Member

@Bloke Bloke commented Apr 23, 2015

That makes sense. No idea how best to implement it though. The site_url tag simply returns (verbatim) the value of hu, which is a global based on your Site URL preference. The protocol prefix is already baked into that variable, and it's used everywhere, all over the core and in plugins. So changing it will have a potentially massive impact.

That leaves us with altering the <txp:site_url> tag, which requires some thought. Presumably, setting protocol="https" will overwrite whatever protocol has been stored in hu. But what if you've set the PROTOCOL to secure by default (as defined in my comment above) and don't specify any protocol attribute to the <txp:site_url /> tag? Guess it would have to default to the 'current' system protocol unless explicitly set to something else.

Also note that altering this tag will only affect markup you build from scratch using the tag. It won't affect any places where hu is used in the core or in plugins (e.g. <txp:images>, <txp:file_download>, <txp:category_list> etc). They will continue to serve URLs as determined by the system. This may well create some kind of weird, head-scratching mishmash of secure and insecure links throughout the site, which may not be what is desired.

As I say, not sure how best to move forward.

@jstubbs
Copy link
Author

@jstubbs jstubbs commented Apr 23, 2015

Mmm so does sound like the best way forward at this point is simply to use your 'define('PROTOCOL', 'https://');' example in 'config.php', especially if Phil is right that maybe its a good idea to have a site serve SSL entirely. http://forum.textpattern.com/viewtopic.php?pid=290200#p290200

I just added your code to this site - http://court28.com - and it seems to be working very well. Like colak (http://forum.textpattern.com/viewtopic.php?pid=290205#p290205), up until now my approach has been to use SSL only on certain pages where the user needs to enter data.

@philwareham
Copy link
Member

@philwareham philwareham commented Apr 23, 2015

Sounds like we need a better way of exposing this define('PROTOCOL', 'https://'); - I'd never heard of that feature before. Would it be better to have a site pref to control this (after all, we have site prefs for messy URLs and suchlike, this isn't a million miles away from that context)? Don't know.

@Tlturner77
Copy link

@Tlturner77 Tlturner77 commented May 26, 2015

Another example of how this could be used if someone was using Textpattern as a small e-commerce shoppingcart where you would not want https on your product listing and product view page but you do want it for the checkout process and where the checkout/cart is within same domain and install of text pattern.

However to add to @Bloke first point if the site is 99% read only a entire https site may have some advantages when using OSCP and http2 or spdy. My point would be for site that rely on cacheing where loading lots of products is used and where there is a good portion of the site that is writable such as a shopping cart.

@philwareham
Copy link
Member

@philwareham philwareham commented Oct 12, 2015

Not an issue right now. If someone wishes to provide a patch in future we would consider it, if handled correctly. Closing for now.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
5 participants
You can’t perform that action at this time.