[LON-CAPA-cvs] cvs: loncom /interface lonsyllabus.pm
raeburn
raeburn at source.lon-capa.org
Mon Jan 20 11:27:54 EST 2020
raeburn Mon Jan 20 16:27:54 2020 EDT
Modified files:
/loncom/interface lonsyllabus.pm
Log:
- For servers using Apache/SSL, where syllabus set to use an external http://
URL, for public (unauthenticated) access redirect to serve page via http
(with usehttp=1 in query string) unless Strict-Transport-Security set for
Apache with max-age > 0
Index: loncom/interface/lonsyllabus.pm
diff -u loncom/interface/lonsyllabus.pm:1.147 loncom/interface/lonsyllabus.pm:1.148
--- loncom/interface/lonsyllabus.pm:1.147 Tue Jan 14 00:57:54 2020
+++ loncom/interface/lonsyllabus.pm Mon Jan 20 16:27:54 2020
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Syllabus
#
-# $Id: lonsyllabus.pm,v 1.147 2020/01/14 00:57:54 raeburn Exp $
+# $Id: lonsyllabus.pm,v 1.148 2020/01/20 16:27:54 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -185,6 +185,13 @@
}
} elsif ($external=~/\w/) {
unless ($allowed && $forceedit) {
+ if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public') &&
+ ($ENV{'SERVER_PORT'} == 443) && ($external =~ m{^http://}) && !($env{'form.usehttp'})) {
+ unless (&Apache::lonnet::uses_sts()) {
+ &redirect_to_http($r);
+ return OK;
+ }
+ }
if ($target eq 'tex') {
$r->print(&Apache::lonprintout::print_latex_header($env{'form.latex_type'}).
' \strut \\\\ \textbf{'.&mt('Syllabus').'} \strut \\\\ '.$external.' '.
@@ -309,14 +316,7 @@
my $hostname = &Apache::lonnet::hostname($homeserver);
my $protocol = $Apache::lonnet::protocol{$homeserver};
$protocol = 'http' if ($protocol ne 'https');
- my $link = $r->uri;
- if (($protocol eq 'https') && ($external =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
- $link .= '?usehttp=1';
- $protocol = 'http';
- }
- }
- $link = $protocol.'://'.$hostname.$link;
+ my $link = $protocol.'://'.$hostname.$r->uri;
$r->print('<div class="LC_left_float">'
.'<span class="LC_help_open_topic LC_info">'
.'<span class="LC_info">'
@@ -1721,5 +1721,17 @@
ENDJS
}
+sub redirect_to_http {
+ my ($r) = @_;
+ &Apache::loncommon::content_type($r,'text/html');
+ &Apache::loncommon::no_cache($r);
+ $r->send_http_header;
+ my $url = 'http://'.$r->hostname().$r->uri().'?usehttp=1';
+ $r->print(&Apache::loncommon::start_page(undef,undef,
+ {'redirect' => [0,$url],}).
+ &Apache::loncommon::end_page());
+ return;
+}
+
1;
__END__
More information about the LON-CAPA-cvs
mailing list