[LON-CAPA-cvs] cvs: loncom /interface lonsyllabus.pm

raeburn raeburn at source.lon-capa.org
Mon Jan 20 11:27:54 EST 2020


raeburn		Mon Jan 20 16:27:54 2020 EDT

  Modified files:              
    /loncom/interface	lonsyllabus.pm 
  Log:
  - For servers using Apache/SSL, where syllabus set to use an external http:// 
    URL, for public (unauthenticated) access redirect to serve page via http
    (with usehttp=1 in query string) unless Strict-Transport-Security set for
    Apache with max-age > 0  
  
  
Index: loncom/interface/lonsyllabus.pm
diff -u loncom/interface/lonsyllabus.pm:1.147 loncom/interface/lonsyllabus.pm:1.148
--- loncom/interface/lonsyllabus.pm:1.147	Tue Jan 14 00:57:54 2020
+++ loncom/interface/lonsyllabus.pm	Mon Jan 20 16:27:54 2020
@@ -1,7 +1,7 @@
 # The LearningOnline Network
 # Syllabus
 #
-# $Id: lonsyllabus.pm,v 1.147 2020/01/14 00:57:54 raeburn Exp $
+# $Id: lonsyllabus.pm,v 1.148 2020/01/20 16:27:54 raeburn Exp $
 #
 # Copyright Michigan State University Board of Trustees
 #
@@ -185,6 +185,13 @@
         }
     } elsif ($external=~/\w/) {
         unless ($allowed && $forceedit) {
+            if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public') &&
+                ($ENV{'SERVER_PORT'} == 443) && ($external =~ m{^http://}) && !($env{'form.usehttp'})) {
+                unless (&Apache::lonnet::uses_sts()) {
+                    &redirect_to_http($r);
+                    return OK;
+                }
+            }
             if ($target eq 'tex') {
                 $r->print(&Apache::lonprintout::print_latex_header($env{'form.latex_type'}).
                          ' \strut \\\\ \textbf{'.&mt('Syllabus').'} \strut \\\\ '.$external.' '.
@@ -309,14 +316,7 @@
             my $hostname = &Apache::lonnet::hostname($homeserver);
             my $protocol = $Apache::lonnet::protocol{$homeserver};
             $protocol = 'http' if ($protocol ne 'https');
-            my $link = $r->uri;
-            if (($protocol eq 'https') && ($external =~ m{^http://})) {
-                unless (&Apache::lonnet::uses_sts()) {
-                    $link .= '?usehttp=1';
-                    $protocol = 'http';
-                }
-            }
-            $link = $protocol.'://'.$hostname.$link;
+            my $link = $protocol.'://'.$hostname.$r->uri;
             $r->print('<div class="LC_left_float">'
                      .'<span class="LC_help_open_topic LC_info">'
                      .'<span class="LC_info">'
@@ -1721,5 +1721,17 @@
 ENDJS
 }
 
+sub redirect_to_http {
+    my ($r) = @_;
+    &Apache::loncommon::content_type($r,'text/html');
+    &Apache::loncommon::no_cache($r);
+    $r->send_http_header;
+    my $url = 'http://'.$r->hostname().$r->uri().'?usehttp=1';
+    $r->print(&Apache::loncommon::start_page(undef,undef,
+                                             {'redirect' => [0,$url],}).
+              &Apache::loncommon::end_page());
+    return;
+}
+
 1;
 __END__




More information about the LON-CAPA-cvs mailing list