[LON-CAPA-cvs] cvs: doc /install/linux sslrewrite.conf loncom loncapa_apache.conf loncom/auth lonroles.pm loncom/interface coursecatalog.pm londocs.pm lonhtmlcommon.pm lonmenu.pm lonnavmaps.pm lonsyllabus.pm loncom/lonnet/perl lonnet.pm loncom/rewrites loncapa_rewrite_off.conf loncapa_rewrite_on.conf rat lonpageflip.pm

raeburn raeburn at source.lon-capa.org
Thu Dec 27 15:11:56 EST 2018


raeburn		Thu Dec 27 20:11:56 2018 EDT

  Modified files:              
    /loncom/interface	coursecatalog.pm londocs.pm lonhtmlcommon.pm 
                     	lonmenu.pm lonnavmaps.pm lonsyllabus.pm 
    /loncom/auth	lonroles.pm 
    /loncom/lonnet/perl	lonnet.pm 
    /rat	lonpageflip.pm 
    /loncom	loncapa_apache.conf 
    /loncom/rewrites	loncapa_rewrite_on.conf loncapa_rewrite_off.conf 
    /doc/install/linux	sslrewrite.conf 
  Log:
  - For servers using Apache/SSL where External Resource points at http:// URL
    or syllabus is configured to use an external http:// URL, query string for
    links contains usehttp=1, unless server has Strict-Transport-Security set
    for Apache with max-age > 0.
  
  
-------------- next part --------------
Index: loncom/interface/coursecatalog.pm
diff -u loncom/interface/coursecatalog.pm:1.97 loncom/interface/coursecatalog.pm:1.98
--- loncom/interface/coursecatalog.pm:1.97	Sun Dec 16 03:17:07 2018
+++ loncom/interface/coursecatalog.pm	Thu Dec 27 20:10:31 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Handler for displaying the course catalog interface
 #
-# $Id: coursecatalog.pm,v 1.97 2018/12/16 03:17:07 raeburn Exp $
+# $Id: coursecatalog.pm,v 1.98 2018/12/27 20:10:31 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -192,7 +192,9 @@
                                 if ($courseinfo{$codedom.'_'.$cnum}{'showsyllabus'}) {
                                     my $usehttp = 0;
                                     if (($ENV{'SERVER_PORT'} == 443) && ($courseinfo{$codedom.'_'.$cnum}{'extsyllplain'})) {
-                                        $usehttp = 1;
+                                        unless (&Apache::lonnet::uses_sts()) {
+                                            $usehttp = 1;
+                                        }
                                     }
                                     $r->print(' <font size="-2">'.
                                               '<a href="javascript:ToSyllabus('."'$codedom','$cnum','$usehttp'".')">'.
@@ -1678,7 +1680,9 @@
     if ($showsyllabus) {
         my $usehttp = 0;
         if (($ENV{'SERVER_PORT'} == 443) && ($extsyllplain)) {
-            $usehttp = 1;
+            unless (&Apache::lonnet::uses_sts()) {
+                $usehttp = 1;
+            }
         }
         $output .= '<a href="javascript:ToSyllabus('."'$cdom','$cnum','$usehttp'".')">'.&mt('Syllabus').'</a>';
     } else {
Index: loncom/interface/londocs.pm
diff -u loncom/interface/londocs.pm:1.656 loncom/interface/londocs.pm:1.657
--- loncom/interface/londocs.pm:1.656	Wed Jul  4 13:55:27 2018
+++ loncom/interface/londocs.pm	Thu Dec 27 20:10:31 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Documents
 #
-# $Id: londocs.pm,v 1.656 2018/07/04 13:55:27 raeburn Exp $
+# $Id: londocs.pm,v 1.657 2018/12/27 20:10:31 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -4171,7 +4171,9 @@
             } elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
                 if (($ENV{'SERVER_PORT'} == 443) &&
                     ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                    $url .= '?usehttp=1';
+                    unless (&Apache::lonnet::uses_sts()) {
+                        $url .= '?usehttp=1';
+                    }
                     $nomodal = 1;
                 }
             }
@@ -4237,8 +4239,11 @@
                 $url = $1;
                 $anchor = $2;
                 if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
-                    if ($hostname ne '') {
-                        $url = 'http://'.$hostname.$url;
+                    unless (&Apache::lonnet::uses_sts()) {
+                        if ($hostname ne '') {
+                            $url = 'http://'.$hostname.$url;
+                        }
+                        $url .= (($url =~ /\?/) ? '&':'?').'usehttp=1';
                     }
                     $nomodal = 1;
                 }
@@ -4246,10 +4251,12 @@
         } elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
             if (($ENV{'SERVER_PORT'} == 443) &&
                 ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                if ($hostname ne '') {
-                    $url = 'http://'.$hostname.$url;
+                unless (&Apache::lonnet::uses_sts()) {
+                    if ($hostname ne '') {
+                        $url = 'http://'.$hostname.$url;
+                    }
+                    $url .= (($url =~ /\?/) ? '&':'?').'usehttp=1';
                 }
-                $url .= (($url =~ /\?/) ? '&':'?').'usehttp=1';
                 $nomodal = 1;
             }
         }
@@ -7272,14 +7279,18 @@
                 if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
                     if (($ENV{'SERVER_PORT'} == 443) &&
                         ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                        if ($hostname ne '') {
-                            $backtourl = 'http://'.$hostname.$backtourl;
+                        unless (&Apache::lonnet::uses_sts()) {
+                            if ($hostname ne '') {
+                                $backtourl = 'http://'.$hostname.$backtourl;
+                            }
+                            $backtourl .= (($backtourl =~ /\?/) ? '&':'?').'usehttp=1';
                         }
-                        $backtourl .= (($backtourl =~ /\?/) ? '&':'?').'usehttp=1';
                     }
                 } elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
                     if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
-                        $backtourl = 'http://'.$hostname.$backtourl;
+                        unless (&Apache::lonnet::uses_sts()) {
+                            $backtourl = 'http://'.$hostname.$backtourl;
+                        }
                     }
                 }
                 if ($anchor ne '') {
Index: loncom/interface/lonhtmlcommon.pm
diff -u loncom/interface/lonhtmlcommon.pm:1.393 loncom/interface/lonhtmlcommon.pm:1.394
--- loncom/interface/lonhtmlcommon.pm:1.393	Tue Apr 24 13:40:32 2018
+++ loncom/interface/lonhtmlcommon.pm	Thu Dec 27 20:10:31 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # a pile of common html routines
 #
-# $Id: lonhtmlcommon.pm,v 1.393 2018/04/24 13:40:32 raeburn Exp $
+# $Id: lonhtmlcommon.pm,v 1.394 2018/12/27 20:10:31 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -3508,7 +3508,16 @@
        currentURL = null;
        currentSymb= null;
        var lcHostname = setLCHost();
-       window.location.href=lcHostname+url;
+       if (lcHostname!='' && lcHostname!= null) {
+           var RegExp = /^https?\:/;
+           if (RegExp.test(url)) {
+               window.location.href=url;
+           } else {
+               window.location.href=lcHostname+url;
+           }
+       } else {
+           window.location.href=url;
+       }
    }
 }
 
@@ -3554,7 +3563,9 @@
                 $anchor = $3;
                 $is_ext = 1;
                 if (($extlink !~ /^https:/) && ($ENV{'SERVER_PORT'} == 443)) {
-                    $usehttp = 1;
+                    unless (&Apache::lonnet::uses_sts()) {
+                        $usehttp = 1;
+                    }
                 } elsif ($env{'request.use_absolute'}) {
                     if ($env{'request.use_absolute'} =~ m{^https://}) {
                         $usehttps = 1;
@@ -3567,7 +3578,9 @@
                         ($env{'course.'.$env{'request.course.id'}.'.num'} eq $cnum) &&
                         ($env{'course.'.$env{'request.course.id'}.'.domain'} eq $cdom)) {
                         if ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://}) {
-                            $usehttp = 1;
+                            unless (&Apache::lonnet::uses_sts()) {
+                                $usehttp = 1;
+                            }
                         }
                     }
                 } elsif ($env{'request.use_absolute'}) {
Index: loncom/interface/lonmenu.pm
diff -u loncom/interface/lonmenu.pm:1.492 loncom/interface/lonmenu.pm:1.493
--- loncom/interface/lonmenu.pm:1.492	Thu May 10 04:06:13 2018
+++ loncom/interface/lonmenu.pm	Thu Dec 27 20:10:31 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Routines to control the menu
 #
-# $Id: lonmenu.pm,v 1.492 2018/05/10 04:06:13 raeburn Exp $
+# $Id: lonmenu.pm,v 1.493 2018/12/27 20:10:31 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -605,11 +605,13 @@
                 }
                 if ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://}) {
                     if (($ENV{'SERVER_PORT'} == 443) || ($env{'request.use_absolute'} =~ m{^https://})) {
-                        unless ($$menuitem[0] =~ m{^https?://}) {
-                            $$menuitem[0] = 'http://'.$ENV{'SERVER_NAME'}.$$menuitem[0];
-                        }
-                        unless ($$menuitem[0] =~ /(\&|\?)usehttp=1/) {
-                            $$menuitem[0] .= (($$menuitem[0]=~/\?/) ? '&' : '?').'usehttp=1';
+                        unless (&Apache::lonnet::uses_sts()) {
+                            unless ($$menuitem[0] =~ m{^https?://}) {
+                                $$menuitem[0] = 'http://'.$ENV{'SERVER_NAME'}.$$menuitem[0];
+                            }
+                            unless ($$menuitem[0] =~ /(\&|\?)usehttp=1/) {
+                                $$menuitem[0] .= (($$menuitem[0]=~/\?/) ? '&' : '?').'usehttp=1';
+                            }
                         }
                     }
                 }
@@ -2125,6 +2127,10 @@
         $ltitarget = $env{'request.lti.target'};
     }
 
+    my $annotateurl = '/adm/annotation';
+    if ($httphost) {
+        $annotateurl = '/adm/annotations';
+    }
     my $hostvar = '
 function setLCHost() {
     var lcHostname="";
@@ -2258,7 +2264,7 @@
    annotator.document.write(
    '$start_page_annotate'
   +"<form name='goannotate' target='Annotator' method='post' "
-  +"action='/adm/annotations'>"
+  +"action='$annotateurl'>"
   +"<input type='hidden' name='symbnew' value='"+currentSymb+"' />"
   +"<\\/form>"
   +'$end_page_annotate');
Index: loncom/interface/lonnavmaps.pm
diff -u loncom/interface/lonnavmaps.pm:1.543 loncom/interface/lonnavmaps.pm:1.544
--- loncom/interface/lonnavmaps.pm:1.543	Tue Nov 13 03:59:00 2018
+++ loncom/interface/lonnavmaps.pm	Thu Dec 27 20:10:31 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # Navigate Maps Handler
 #
-# $Id: lonnavmaps.pm,v 1.543 2018/11/13 03:59:00 raeburn Exp $
+# $Id: lonnavmaps.pm,v 1.544 2018/12/27 20:10:31 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -1933,14 +1933,20 @@
             if ($env{'request.course.id'}) {
                 if (($is_ssl) && ($src =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) &&
                     ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-                    if ($hostname ne '') {
-                        $src = 'http://'.$hostname.$src;
+                    unless (&Apache::lonnet::uses_sts()) {
+                        if ($hostname ne '') {
+                            $src = 'http://'.$hostname.$src;
+                        }
+                        $src .= ($srcHasQuestion? '&' : '?') . 'usehttp=1';
+                        $srcHasQuestion = 1;a
                     }
-                    $src .= ($srcHasQuestion? '&' : '?') . 'usehttp=1';
-                    $srcHasQuestion = 1;
                 } elsif (($is_ssl) && ($src =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) {
-                    if ($hostname ne '') {
-                        $src = 'http://'.$hostname.$src;
+                    unless (&Apache::lonnet::uses_sts()) {
+                        if ($hostname ne '') {
+                            $src = 'http://'.$hostname.$src;
+                        }
+                        $src .= ($srcHasQuestion? '&' : '?') . 'usehttp=1';
+                        $srcHasQuestion = 1;
                     }
                 }
             }
Index: loncom/interface/lonsyllabus.pm
diff -u loncom/interface/lonsyllabus.pm:1.144 loncom/interface/lonsyllabus.pm:1.145
--- loncom/interface/lonsyllabus.pm:1.144	Thu Dec 27 18:14:25 2018
+++ loncom/interface/lonsyllabus.pm	Thu Dec 27 20:10:31 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Syllabus
 #
-# $Id: lonsyllabus.pm,v 1.144 2018/12/27 18:14:25 raeburn Exp $
+# $Id: lonsyllabus.pm,v 1.145 2018/12/27 20:10:31 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -311,8 +311,10 @@
             $protocol = 'http' if ($protocol ne 'https');
             my $link = $r->uri;
             if (($protocol eq 'https') && ($external =~ m{^http://})) {
-                $link .= '?usehttp=1';
-                $protocol = 'http';
+                unless (&Apache::lonnet::uses_sts()) {
+                    $link .= '?usehttp=1';
+                    $protocol = 'http';
+                }
             }
             $link = $protocol.'://'.$hostname.$link;
             $r->print('<div class="LC_left_float">'
Index: loncom/auth/lonroles.pm
diff -u loncom/auth/lonroles.pm:1.341 loncom/auth/lonroles.pm:1.342
--- loncom/auth/lonroles.pm:1.341	Sat Dec  8 16:34:15 2018
+++ loncom/auth/lonroles.pm	Thu Dec 27 20:10:44 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network with CAPA
 # User Roles Screen
 #
-# $Id: lonroles.pm,v 1.341 2018/12/08 16:34:15 raeburn Exp $
+# $Id: lonroles.pm,v 1.342 2018/12/27 20:10:44 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -721,9 +721,11 @@
                                             if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) ||
                                                 ($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) {
                                                 if ($ENV{'SERVER_PORT'} == 443) {
-                                                    my $hostname = $r->hostname();
-                                                    if ($hostname ne '') {
-                                                        $dest = 'http://'.$hostname.$dest;
+                                                    unless (&Apache::lonnet::uses_sts()) {
+                                                        my $hostname = $r->hostname();
+                                                        if ($hostname ne '') {
+                                                            $dest = 'http://'.$hostname.$dest;
+                                                        }
                                                     }
                                                 }
                                             }
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1397 loncom/lonnet/perl/lonnet.pm:1.1398
--- loncom/lonnet/perl/lonnet.pm:1.1397	Thu Dec 27 18:14:50 2018
+++ loncom/lonnet/perl/lonnet.pm	Thu Dec 27 20:10:56 2018
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # TCP networking package
 #
-# $Id: lonnet.pm,v 1.1397 2018/12/27 18:14:50 raeburn Exp $
+# $Id: lonnet.pm,v 1.1398 2018/12/27 20:10:56 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -13358,7 +13358,7 @@
     my $request;
     $uri=~s/^\///;
     my $homeserver = &homeserver($cnum,$cdom);
-    my $hostname = &hostname($homeserver); 
+    my $hostname = &hostname($homeserver);
     my $protocol = $protocol{$homeserver};
     $protocol = 'http' if ($protocol ne 'https');
     $request=new HTTP::Request('GET',$protocol.'://'.$hostname.'/raw/'.$uri);
@@ -13560,6 +13560,44 @@
     return $domain;
 }
 
+sub uses_sts {
+    my ($ignore_cache) = @_;
+    my $lonhost = $perlvar{'lonHostID'};
+    my $hostname = &hostname($lonhost);
+    my $sts_on;
+    if ($protocol{$lonhost} eq 'https') {
+        my $cachetime = 12*3600;
+        if (!$ignore_cache) {
+            ($sts_on,my $cached)=&is_cached_new('stspolicy',$lonhost);
+            if (defined($cached)) {
+                return $sts_on;
+            }
+        }
+        my $url = $protocol{$lonhost}.'://'.$hostname.'/index.html';
+        my $request=new HTTP::Request('HEAD',$url);
+        my $response=&LONCAPA::LWPReq::makerequest($lonhost,$request,'',\%perlvar,'','','',1);
+        if ($response->is_success) {
+            my $has_sts = $response->header('Strict-Transport-Security');
+            if ($has_sts eq '') {
+                $sts_on = 0;
+            } else {
+                if ($has_sts =~ /\Qmax-age=\E(\d+)/) {
+                    my $maxage = $1;
+                    if ($maxage) {
+                        $sts_on = 1;
+                    } else {
+                        $sts_on = 0;
+                    }
+                } else {
+                    $sts_on = 0;
+                }
+            }
+            return &do_cache_new('stspolicy',$lonhost,$sts_on,$cachetime);
+        }
+    }
+    return;
+}
+
 # ------------------------------------------------------------- Declutters URLs
 
 sub declutter {
Index: rat/lonpageflip.pm
diff -u rat/lonpageflip.pm:1.98 rat/lonpageflip.pm:1.99
--- rat/lonpageflip.pm:1.98	Tue Nov 13 03:59:17 2018
+++ rat/lonpageflip.pm	Thu Dec 27 20:11:16 2018
@@ -2,7 +2,7 @@
 #
 # Page flip handler
 #
-# $Id: lonpageflip.pm,v 1.98 2018/11/13 03:59:17 raeburn Exp $
+# $Id: lonpageflip.pm,v 1.99 2018/12/27 20:11:16 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -313,11 +313,16 @@
         if (($$srcref =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) &&
             ($ENV{'SERVER_PORT'} == 443) &&
             ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
-            $$srcref .= (($$srcref =~/\?/)? '&':'?') . 'usehttp=1';
-            $usehttp = 1;
+            unless (&Apache::lonnet::uses_sts()) {
+                $$srcref .= (($$srcref =~/\?/)? '&':'?') . 'usehttp=1';
+                $usehttp = 1;
+            }
         } elsif (($$srcref =~ m{^\Q/adm/wrapper/ext/\E(?!https:)}) &&
                  ($ENV{'SERVER_PORT'} == 443)) {
-            $usehttp = 1;
+            unless (&Apache::lonnet::uses_sts()) {
+                $$srcref .= (($$srcref =~/\?/)? '&':'?') . 'usehttp=1';
+                $usehttp = 1;
+            }
         }
     }
     return $usehttp;
Index: loncom/loncapa_apache.conf
diff -u loncom/loncapa_apache.conf:1.264 loncom/loncapa_apache.conf:1.265
--- loncom/loncapa_apache.conf:1.264	Sat Nov 24 16:19:09 2018
+++ loncom/loncapa_apache.conf	Thu Dec 27 20:11:29 2018
@@ -2,7 +2,7 @@
 ## loncapa_apache.conf -- Apache HTTP LON-CAPA configuration file
 ##
 
-# $Id: loncapa_apache.conf,v 1.264 2018/11/24 16:19:09 raeburn Exp $
+# $Id: loncapa_apache.conf,v 1.265 2018/12/27 20:11:29 raeburn Exp $
 
 #
 # LON-CAPA Section (extensions to httpd.conf daemon configuration)
@@ -844,6 +844,16 @@
 ErrorDocument	  500 /adm/errorhandler
 </Location>
 
+<Location /adm/annotation>
+AuthType LONCAPA
+Require valid-user
+PerlAuthzHandler       Apache::lonacc
+SetHandler perl-script
+PerlHandler Apache::admannotations
+ErrorDocument     403 /adm/login
+ErrorDocument     500 /adm/errorhandler
+</Location>
+
 <Location /adm/spellcheck>
 AuthType LONCAPA
 Require valid-user
Index: loncom/rewrites/loncapa_rewrite_on.conf
diff -u loncom/rewrites/loncapa_rewrite_on.conf:1.7 loncom/rewrites/loncapa_rewrite_on.conf:1.8
--- loncom/rewrites/loncapa_rewrite_on.conf:1.7	Tue Jul 10 06:01:27 2018
+++ loncom/rewrites/loncapa_rewrite_on.conf	Thu Dec 27 20:11:42 2018
@@ -4,11 +4,12 @@
     RewriteCond %{REMOTE_HOST} 127.0.0.1
     RewriteRule (.*) - [L]
     RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)
+    RewriteCond %{QUERY_STRING} (^|&(amp;|))usehttp=1($|&)
     RewriteRule (.*) - [L]
     RewriteCond %{REQUEST_URI} ^/adm/annotations$
     RewriteRule (.*) - [L]
     RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$
-    RewriteCond %{QUERY_STRING} (^|&)usehttp=1($|&)
+    RewriteCond %{QUERY_STRING} (^|&(amp;|))usehttp=1($|&)
     RewriteRule (.*) - [L]
     RewriteCond %{HTTPS} !=on
     RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
Index: loncom/rewrites/loncapa_rewrite_off.conf
diff -u loncom/rewrites/loncapa_rewrite_off.conf:1.7 loncom/rewrites/loncapa_rewrite_off.conf:1.8
--- loncom/rewrites/loncapa_rewrite_off.conf:1.7	Tue Jul 10 06:01:27 2018
+++ loncom/rewrites/loncapa_rewrite_off.conf	Thu Dec 27 20:11:42 2018
@@ -4,11 +4,12 @@
     RewriteCond %{REMOTE_HOST} 127.0.0.1
     RewriteRule (.*) - [L]
     RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:)
+    RewriteCond %{QUERY_STRING} (^|&(amp;|))usehttp=1($|&)
     RewriteRule (.*) - [L]
     RewriteCond %{REQUEST_URI} ^/adm/annotations$
     RewriteRule (.*) - [L]
     RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$
-    RewriteCond %{QUERY_STRING} (^|&)usehttp=1($|&)
+    RewriteCond %{QUERY_STRING} (^|&(amp;|))usehttp=1($|&)
     RewriteRule (.*) - [L]
     RewriteCond %{HTTPS} !=on
     RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R,L]
Index: doc/install/linux/sslrewrite.conf
diff -u doc/install/linux/sslrewrite.conf:1.1 doc/install/linux/sslrewrite.conf:1.2
--- doc/install/linux/sslrewrite.conf:1.1	Tue Jul 17 01:59:39 2018
+++ doc/install/linux/sslrewrite.conf	Thu Dec 27 20:11:55 2018
@@ -1,12 +1,14 @@
 <IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteCond %{HTTPS} =on
+  RewriteCond %{REQUEST_URI} ^/adm/wrapper/ext/(?!https:\/\/)
+  RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)
   RewriteRule ^/adm/wrapper/ext/(?!https:\/\/) http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]
   RewriteCond %{REMOTE_ADDR} 127.0.0.1
   RewriteRule (.*) - [L]
   RewriteCond %{REMOTE_ADDR} {[[[[HostIP]]]]}
   RewriteRule (.*) - [L]
   RewriteCond %{REQUEST_URI} ^/public/.*/syllabus$
-  RewriteCond %{QUERY_STRING} (^|&)usehttp=1($|&)
+  RewriteCond %{QUERY_STRING} (^|&(|amp;))usehttp=1($|&)
   RewriteRule ^/public/.*/syllabus$ http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NE]
 </IfModule>


More information about the LON-CAPA-cvs mailing list