[LON-CAPA-cvs] cvs: rat / lonpageflip.pm loncom/auth lonroles.pm loncom/interface coursecatalog.pm domainprefs.pm londocs.pm lonhtmlcommon.pm lonmenu.pm lonnavmaps.pm lonprintout.pm lonsyllabus.pm loncom/lonnet/perl lonnet.pm
raeburn
raeburn at source.lon-capa.org
Thu Apr 29 13:45:25 EDT 2021
raeburn Thu Apr 29 17:45:25 2021 EDT
Modified files:
/loncom/interface domainprefs.pm coursecatalog.pm londocs.pm
lonhtmlcommon.pm lonmenu.pm lonnavmaps.pm
lonprintout.pm lonsyllabus.pm
/loncom/lonnet/perl lonnet.pm
/loncom/auth lonroles.pm
/rat lonpageflip.pm
Log:
- Bug 6914
Update domain config UI to support settings documented in
Domain_Configuration_WAF_Proxy.tex
-------------- next part --------------
Index: loncom/interface/domainprefs.pm
diff -u loncom/interface/domainprefs.pm:1.381 loncom/interface/domainprefs.pm:1.382
--- loncom/interface/domainprefs.pm:1.381 Sun Apr 18 02:08:46 2021
+++ loncom/interface/domainprefs.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler to set domain-wide configuration settings
#
-# $Id: domainprefs.pm,v 1.381 2021/04/18 02:08:46 raeburn Exp $
+# $Id: domainprefs.pm,v 1.382 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -7423,12 +7423,13 @@
$itemcount ++;
$css_class = $itemcount%2 ? ' class="LC_odd_row"' : '';
my ($nowafstyle,$wafstyle,$curr_remotip,$currwafdisplay,$vpndircheck,$vpnaliascheck,
- $currwafvpn,$wafrangestyle);
+ $currwafvpn,$wafrangestyle,$alltossl,$ssltossl);
$wafstyle = ' style="display:none;"';
$nowafstyle = ' style="display:table-row;"';
$currwafdisplay = ' style="display: none"';
$wafrangestyle = ' style="display: none"';
$curr_remotip = 'n';
+ $ssltossl = ' checked="checked"';
if ($showdom) {
$wafstyle = ' style="display:table-row;"';
$nowafstyle = ' style="display:none;"';
@@ -7440,6 +7441,10 @@
$currwafdisplay = ' style="display:table-row"';
$wafrangestyle = ' style="display:inline-block;"';
}
+ if ($values{$dom}{'sslopt'}) {
+ $alltossl = ' checked="checked"';
+ $ssltossl = '';
+ }
}
if (($values{$dom}{'vpnint'} ne '') || ($values{$dom}{'vpnext'} ne '')) {
$vpndircheck = ' checked="checked"';
@@ -7478,7 +7483,7 @@
'name="wafproxy_ipheader" />'.
'</td></tr>'."\n".
'<tr id="wafproxy_trust"'.$currwafdisplay.'><td>'.
- $lt{'trusted'}.': '.
+ $lt{'trusted'}.':<br />'.
'<textarea name="wafproxy_trusted" rows="3" cols="80">'.
$values{$dom}{'trusted'}.'</textarea>'.
'</td></tr>'."\n".
@@ -7491,12 +7496,19 @@
$lt{'vpnaliased'}.'</label></span></td></tr>';
foreach my $item ('vpnint','vpnext') {
$datatable .= '<tr id="wafproxy_show_'.$item.'"'.$currwafvpn.'>'.
- '<td valign="top">'.$lt{$item}.': '.
+ '<td valign="top">'.$lt{$item}.':<br />'.
'<textarea name="wafproxy_'.$item.'" rows="3" cols="80">'.
$values{$dom}{$item}.'</textarea>'.
'</td></tr>'."\n";
}
- $datatable .= '</table></td></tr>';
+ $datatable .= '<tr><td><hr /></td></tr>'."\n".
+ '<tr>'.
+ '<td valign="top">'.$lt{'sslopt'}.':<br /><span class="LC_nobreak">'.
+ '<label><input type="radio" name="wafproxy_sslopt"'.$alltossl.' value="1" />'.
+ $lt{'alltossl'}.'</label>'.(' 'x2).
+ '<label><input type="radio" name="wafproxy_sslopt"'.$ssltossl.' value="0" />'.
+ $lt{'ssltossl'}.'</label></span></td></tr>'."\n".
+ '</table></td></tr>';
}
if (keys(%otherdoms)) {
foreach my $domain (sort(keys(%otherdoms))) {
@@ -7505,10 +7517,16 @@
$datatable .= '<tr'.$css_class.'>'.
'<td class="LC_left_item">'.&mt('Domain: [_1]',$domain).'</td>'.
'<td class="LC_left_item"><table>';
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $showval = &mt('None');
+ if ($item eq 'ssl') {
+ $showval = $lt{'ssltossl'};
+ }
if ($values{$domain}{$item}) {
$showval = $values{$domain}{$item};
+ if ($item eq 'ssl') {
+ $showval = $lt{'alltossl'};
+ }
}
$datatable .= '<tr>'.
'<td>'.$lt{$item}.': '.$showval.'</td></tr>';
@@ -7531,7 +7549,7 @@
vpnaliased => 'via aliased hostname (WAF)',
vpnint => 'Internal IP Range(s) for VPN sessions',
vpnext => 'IP Range(s) for backend WAF connections',
- ssloptions => 'Forwarding http/https',
+ sslopt => 'Forwarding http/https',
alltossl => 'WAF forwards both http and https requests to https',
ssltossl => 'WAF forwards http requests to http and https to https',
);
@@ -19826,7 +19844,7 @@
if (ref($domconfig{'wafproxy'}{'alias'}) eq 'HASH') {
%curralias = %{$domconfig{'wafproxy'}{'alias'}};
}
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
$currvalue{$item} = $domconfig{'wafproxy'}{$item};
}
}
@@ -19862,7 +19880,7 @@
vpnint => 'internal IP range(s) for VPN sessions(s)',
vpnext => 'IP range(s) for backend WAF connections',
);
- foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
my $possible = $env{'form.wafproxy_'.$item};
$possible =~ s/^\s+|\s+$//g;
if ($possible ne '') {
@@ -19874,6 +19892,10 @@
if ($wafproxy{'remoteip'} eq 'h') {
$wafproxy{$item} = $possible;
}
+ } elsif ($item eq 'sslopt') {
+ if ($possible =~ /^0|1$/) {
+ $wafproxy{$item} = $possible;
+ }
} else {
my (@ok,$count);
if (($item eq 'vpnint') || ($item eq 'vpnext')) {
@@ -19936,7 +19958,7 @@
if ($putresult eq 'ok') {
my $cachetime = 24*60*60;
my (%domdefaults,$updatedomdefs);
- foreach my $item ('ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
unless ($updatedomdefs) {
%domdefaults = &Apache::lonnet::get_domain_defaults($dom);
@@ -19973,7 +19995,7 @@
}
}
$output = &mt('Changes were made to Web Application Firewall/Reverse Proxy').'<ul>';
- foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('alias','remoteip','ipheader','trusted','vpnint','vpnext','sslopt') {
if ($changes{$item}) {
if ($item eq 'alias') {
my $numaliased = 0;
@@ -20037,6 +20059,12 @@
} else {
$output .= '<li>'.&mt('IP Range(s) for backend WAF connections deleted').'</li>';
}
+ } elsif ($item eq 'sslopt') {
+ if ($wafproxy{$item}) {
+ $output .= '<li>'.&mt('WAF/Reverse Proxy expected to forward requests to https on LON-CAPA node, regardless of original protocol in web browser (http or https).').'</li>';
+ } else {
+ $output .= '<li>'.&mt('WAF/Reverse Proxy expected to preserve original protocol in web browser (either http or https) when forwarding to LON-CAPA node.').'</li>';
+ }
}
}
}
Index: loncom/interface/coursecatalog.pm
diff -u loncom/interface/coursecatalog.pm:1.102 loncom/interface/coursecatalog.pm:1.103
--- loncom/interface/coursecatalog.pm:1.102 Tue Jul 23 13:58:53 2019
+++ loncom/interface/coursecatalog.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Handler for displaying the course catalog interface
#
-# $Id: coursecatalog.pm,v 1.102 2019/07/23 13:58:53 raeburn Exp $
+# $Id: coursecatalog.pm,v 1.103 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -59,6 +59,7 @@
my $serverdefdom = &Apache::lonnet::default_login_domain();
my $codedom = $serverdefdom;
+ my $hostname = $r->hostname();
if (($env{'user.domain'} ne '') && ($env{'user.domain'} ne 'public')) {
$codedom = $env{'user.domain'};
@@ -138,7 +139,7 @@
}
my $js = '<script type="text/javascript">'."\n".
'// <![CDATA['."\n".
- &courselink_javascript($r)."\n".
+ &courselink_javascript($hostname)."\n".
'// ]]>'."\n".
'</script>'."\n";
$r->print(&Apache::loncommon::start_page('Search for a Course/Community',$js));
@@ -191,7 +192,8 @@
if ($courseinfo{$codedom.'_'.$cnum}{'showsyllabus'}) {
my $usehttp = 0;
if (($ENV{'SERVER_PORT'} == 443) && ($courseinfo{$codedom.'_'.$cnum}{'extsyllplain'})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) ||
+ (&Apache::lonnet::waf_allssl($hostname))) {
$usehttp = 1;
}
}
@@ -253,7 +255,8 @@
&validate_input($codedom,\@cats,\%maxd,$cathash);
my ($numtitles, at codetitles);
if (($env{'form.coursenum'} ne '') && ($knownuser)) {
- &course_details($r,$codedom,$formname,$domdesc,\@trails,\%allitems,\@codetitles);
+ &course_details($r,$codedom,$formname,$domdesc,$hostname,\@trails,
+ \%allitems,\@codetitles);
} else {
my ($catlinks,$has_subcats,$selitem) = &category_breadcrumbs($codedom, at cats);
my $wasacctext = &get_wasactive_text();
@@ -299,7 +302,7 @@
}
ENDSCRIPT
- $catjs .= &courselink_javascript($r);
+ $catjs .= &courselink_javascript($hostname);
if (&user_is_dc($codedom) || $canviewall) {
$catjs .= <<ENDTOGGJS
@@ -659,12 +662,12 @@
}
sub course_details {
- my ($r,$codedom,$formname,$domdesc,$trails,$allitems,$codetitles) = @_;
+ my ($r,$codedom,$formname,$domdesc,$hostname,$trails,$allitems,$codetitles) = @_;
my $output;
my %add_entries = (topmargin => "0",
marginheight => "0",);
my $js = '<script type="text/javascript">'."\n".
- &courselink_javascript($r).'</script>'."\n";
+ &courselink_javascript($hostname).'</script>'."\n";
my $start_page =
&Apache::loncommon::start_page('Course/Community Catalog',$js,
{'add_entries' => \%add_entries, });
@@ -728,8 +731,7 @@
}
sub courselink_javascript {
- my ($r) = @_;
- my $hostname = $r->hostname();
+ my ($hostname) = @_;
return <<"END";
function ToSyllabus(cdom,cnum,usehttp) {
@@ -1512,7 +1514,8 @@
foreach my $course (@{$Sortby{$item}}) {
$output.=&Apache::loncommon::start_data_table_row();
$output.=&courseinfo_row($courseinfo{$course},$knownuser,$details,
- \$count,$now,$course,$trails,$allitems,\%numbers,$canviewall);
+ \$count,$now,$course,$trails,$allitems,
+ \%numbers,$canviewall,$hostname);
$output.=&Apache::loncommon::end_data_table_row();
}
}
@@ -1834,7 +1837,8 @@
}
sub courseinfo_row {
- my ($info,$knownuser,$details,$countref,$now,$course,$trails,$allitems,$numbers,$canviewall) = @_;
+ my ($info,$knownuser,$details,$countref,$now,$course,$trails,$allitems,
+ $numbers,$canviewall,$hostname) = @_;
my ($cdom,$cnum,$title,$ownerlast,$code,$owner,$seclist,$xlist_items,
$accessdates,$showsyllabus,$counts,$autoenrollment,$output,$categories,
$extsyllplain);
@@ -1881,7 +1885,8 @@
if ($showsyllabus) {
my $usehttp = 0;
if (($ENV{'SERVER_PORT'} == 443) && ($extsyllplain)) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) ||
+ (&Apache::lonnet::waf_allssl(hostname))) {
$usehttp = 1;
}
}
Index: loncom/interface/londocs.pm
diff -u loncom/interface/londocs.pm:1.677 loncom/interface/londocs.pm:1.678
--- loncom/interface/londocs.pm:1.677 Fri Apr 23 01:37:14 2021
+++ loncom/interface/londocs.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Documents
#
-# $Id: londocs.pm,v 1.677 2021/04/23 01:37:14 raeburn Exp $
+# $Id: londocs.pm,v 1.678 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -4235,7 +4235,7 @@
} elsif ($url eq "/public/$coursedom/$coursenum/syllabus") {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
$url .= '?usehttp=1';
}
$nomodal = 1;
@@ -4300,7 +4300,7 @@
$url = $1;
$anchor = $2;
if (($url =~ m{^(|/adm/wrapper)/ext/(?!https:)}) && ($ENV{'SERVER_PORT'} == 443)) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$url = 'http://'.$hostname.$url;
}
@@ -4312,7 +4312,7 @@
} elsif ($url =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$url = 'http://'.$hostname.$url;
}
@@ -7324,7 +7324,7 @@
if ($backtourl =~ m{^\Q/public/$coursedom/$coursenum/syllabus\E}) {
if (($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$backtourl = 'http://'.$hostname.$backtourl;
}
@@ -7333,7 +7333,7 @@
}
} elsif ($backtourl =~ m{^/adm/wrapper/ext/(?!https:)}) {
if (($ENV{'SERVER_PORT'} == 443) && ($hostname ne '')) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$backtourl = 'http://'.$hostname.$backtourl;
}
Index: loncom/interface/lonhtmlcommon.pm
diff -u loncom/interface/lonhtmlcommon.pm:1.397 loncom/interface/lonhtmlcommon.pm:1.398
--- loncom/interface/lonhtmlcommon.pm:1.397 Thu Oct 29 23:24:13 2020
+++ loncom/interface/lonhtmlcommon.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# a pile of common html routines
#
-# $Id: lonhtmlcommon.pm,v 1.397 2020/10/29 23:24:13 raeburn Exp $
+# $Id: lonhtmlcommon.pm,v 1.398 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3564,7 +3564,7 @@
$anchor = $3;
$is_ext = 1;
if (($extlink !~ /^https:/) && ($ENV{'SERVER_PORT'} == 443)) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
$usehttp = 1;
}
} elsif ($env{'request.use_absolute'}) {
@@ -3579,7 +3579,7 @@
($env{'course.'.$env{'request.course.id'}.'.num'} eq $cnum) &&
($env{'course.'.$env{'request.course.id'}.'.domain'} eq $cdom)) {
if ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://}) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
$usehttp = 1;
}
}
Index: loncom/interface/lonmenu.pm
diff -u loncom/interface/lonmenu.pm:1.505 loncom/interface/lonmenu.pm:1.506
--- loncom/interface/lonmenu.pm:1.505 Sat Mar 6 13:40:33 2021
+++ loncom/interface/lonmenu.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Routines to control the menu
#
-# $Id: lonmenu.pm,v 1.505 2021/03/06 13:40:33 raeburn Exp $
+# $Id: lonmenu.pm,v 1.506 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -604,7 +604,7 @@
}
if ($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://}) {
if (($ENV{'SERVER_PORT'} == 443) || ($env{'request.use_absolute'} =~ m{^https://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl())) {
unless ($$menuitem[0] =~ m{^https?://}) {
$$menuitem[0] = 'http://'.$ENV{'SERVER_NAME'}.$$menuitem[0];
}
Index: loncom/interface/lonnavmaps.pm
diff -u loncom/interface/lonnavmaps.pm:1.550 loncom/interface/lonnavmaps.pm:1.551
--- loncom/interface/lonnavmaps.pm:1.550 Wed Apr 22 14:53:03 2020
+++ loncom/interface/lonnavmaps.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# Navigate Maps Handler
#
-# $Id: lonnavmaps.pm,v 1.550 2020/04/22 14:53:03 raeburn Exp $
+# $Id: lonnavmaps.pm,v 1.551 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -1940,7 +1940,7 @@
if ($env{'request.course.id'}) {
if (($is_ssl) && ($src =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$src = 'http://'.$hostname.$src;
}
@@ -1948,7 +1948,7 @@
$srcHasQuestion = 1;
}
} elsif (($is_ssl) && ($src =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$src = 'http://'.$hostname.$src;
}
Index: loncom/interface/lonprintout.pm
diff -u loncom/interface/lonprintout.pm:1.672 loncom/interface/lonprintout.pm:1.673
--- loncom/interface/lonprintout.pm:1.672 Tue Mar 3 01:16:35 2020
+++ loncom/interface/lonprintout.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Printout
#
-# $Id: lonprintout.pm,v 1.672 2020/03/03 01:16:35 raeburn Exp $
+# $Id: lonprintout.pm,v 1.673 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -3463,7 +3463,7 @@
if (($ENV{'SERVER_PORT'} == 443) && ($env{'request.course.id'}) &&
(($url =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) ||
($url =~ m{^\Q/adm/wrapper/ext/\E(?!https:)}))) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl())) {
$usehttp = 1;
}
}
Index: loncom/interface/lonsyllabus.pm
diff -u loncom/interface/lonsyllabus.pm:1.148 loncom/interface/lonsyllabus.pm:1.149
--- loncom/interface/lonsyllabus.pm:1.148 Mon Jan 20 16:27:54 2020
+++ loncom/interface/lonsyllabus.pm Thu Apr 29 17:45:22 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# Syllabus
#
-# $Id: lonsyllabus.pm,v 1.148 2020/01/20 16:27:54 raeburn Exp $
+# $Id: lonsyllabus.pm,v 1.149 2021/04/29 17:45:22 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -187,7 +187,8 @@
unless ($allowed && $forceedit) {
if (($env{'user.name'} eq 'public') && ($env{'user.domain'} eq 'public') &&
($ENV{'SERVER_PORT'} == 443) && ($external =~ m{^http://}) && !($env{'form.usehttp'})) {
- unless (&Apache::lonnet::uses_sts()) {
+ my $hostname = $r->hostname();
+ unless ((&Apache::lonnet::uses_sts()) || (&Apache::lonnet::waf_allssl($hostname))) {
&redirect_to_http($r);
return OK;
}
Index: loncom/lonnet/perl/lonnet.pm
diff -u loncom/lonnet/perl/lonnet.pm:1.1448 loncom/lonnet/perl/lonnet.pm:1.1449
--- loncom/lonnet/perl/lonnet.pm:1.1448 Sun Apr 18 02:24:05 2021
+++ loncom/lonnet/perl/lonnet.pm Thu Apr 29 17:45:23 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network
# TCP networking package
#
-# $Id: lonnet.pm,v 1.1448 2021/04/18 02:24:05 raeburn Exp $
+# $Id: lonnet.pm,v 1.1449 2021/04/29 17:45:23 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -2781,7 +2781,7 @@
}
}
if (ref($domconfig{'wafproxy'}) eq 'HASH') {
- foreach my $item ('ipheader','trusted','vpnint','vpnext') {
+ foreach my $item ('ipheader','trusted','vpnint','vpnext','sslopt') {
if ($domconfig{'wafproxy'}{$item}) {
$domdefaults{'waf_'.$item} = $domconfig{'wafproxy'}{$item};
}
@@ -14354,6 +14354,22 @@
return;
}
+sub waf_allssl {
+ my ($host_name) = @_;
+ my $alias = &get_proxy_alias();
+ if ($host_name eq '') {
+ $host_name = $ENV{'SERVER_NAME'};
+ }
+ if (($host_name ne '') && ($alias eq $host_name)) {
+ my $serverhomedom = &host_domain($perlvar{'lonHostID'});
+ my %defdomdefaults = &get_domain_defaults($serverhomedom);
+ if ($defdomdefaults{'waf_sslopt'}) {
+ return $defdomdefaults{'waf_sslopt'};
+ }
+ }
+ return;
+}
+
sub get_requestor_ip {
my ($r,$nolookup,$noproxy) = @_;
my $from_ip;
@@ -14422,6 +14438,7 @@
trusted => $domdefaults{'waf_trusted'},
vpnint => $domdefaults{'waf_vpnint'},
vpnext => $domdefaults{'waf_vpnext'},
+ sslopt => $domdefaults{'waf_sslopt'},
};
return $proxyinfo;
}
Index: loncom/auth/lonroles.pm
diff -u loncom/auth/lonroles.pm:1.348 loncom/auth/lonroles.pm:1.349
--- loncom/auth/lonroles.pm:1.348 Thu Apr 22 20:14:22 2021
+++ loncom/auth/lonroles.pm Thu Apr 29 17:45:24 2021
@@ -1,7 +1,7 @@
# The LearningOnline Network with CAPA
# User Roles Screen
#
-# $Id: lonroles.pm,v 1.348 2021/04/22 20:14:22 raeburn Exp $
+# $Id: lonroles.pm,v 1.349 2021/04/29 17:45:24 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -831,8 +831,9 @@
if (($dest =~ m{^\Q/public/$cdom/$cnum/syllabus\E.*(\?|\&)usehttp=1}) ||
($dest =~ m{^\Q/adm/wrapper/ext/\E(?!https:)})) {
if ($ENV{'SERVER_PORT'} == 443) {
- unless (&Apache::lonnet::uses_sts()) {
- my $hostname = $r->hostname();
+ my $hostname = $r->hostname();
+ unless ((&Apache::lonnet::uses_sts()) ||
+ (&Apache::lonnet::waf_allssl($hostname))) {
if ($hostname ne '') {
$dest = 'http://'.$hostname.$dest;
}
Index: rat/lonpageflip.pm
diff -u rat/lonpageflip.pm:1.102 rat/lonpageflip.pm:1.103
--- rat/lonpageflip.pm:1.102 Thu Feb 18 14:48:02 2021
+++ rat/lonpageflip.pm Thu Apr 29 17:45:25 2021
@@ -2,7 +2,7 @@
#
# Page flip handler
#
-# $Id: lonpageflip.pm,v 1.102 2021/02/18 14:48:02 raeburn Exp $
+# $Id: lonpageflip.pm,v 1.103 2021/04/29 17:45:25 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -304,7 +304,7 @@
}
sub check_http_req {
- my ($srcref) = @_;
+ my ($srcref,$hostname) = @_;
return unless (ref($srcref) eq 'SCALAR');
my $usehttp;
if ($env{'request.course.id'}) {
@@ -313,13 +313,15 @@
if (($$srcref =~ m{^\Q/public/$cdom/$cnum/syllabus\E($|\?)}) &&
($ENV{'SERVER_PORT'} == 443) &&
($env{'course.'.$env{'request.course.id'}.'.externalsyllabus'} =~ m{^http://})) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) ||
+ (&Apache::lonnet::waf_allssl($hostname))) {
$$srcref .= (($$srcref =~/\?/)? '&':'?') . 'usehttp=1';
$usehttp = 1;
}
} elsif (($$srcref =~ m{^\Q/adm/wrapper/ext/\E(?!https:)}) &&
($ENV{'SERVER_PORT'} == 443)) {
- unless (&Apache::lonnet::uses_sts()) {
+ unless ((&Apache::lonnet::uses_sts()) ||
+ (&Apache::lonnet::waf_allssl($hostname))) {
my ($url,$anchor) = ($$srcref =~ /^([^\#]+)(?:|(\#[^\#]+))$/);
$$srcref = $url . (($$srcref =~/\?/)? '&':'?') . 'usehttp=1' .$anchor;
$usehttp = 1;
@@ -390,7 +392,7 @@
}
} elsif ($direction eq 'firstanswerable') {
my $furl = &first_answerable_ressymb();
- my $usehttp = &check_http_req(\$furl);
+ my $usehttp = &check_http_req(\$furl,$hostname);
if (($usehttp) && ($hostname ne '')) {
$furl='http://'.$hostname.$furl;
} else {
@@ -455,7 +457,7 @@
}
if ($direction eq 'firstres') {
my $furl=&first_accessible_resource();
- my $usehttp = &check_http_req(\$furl);
+ my $usehttp = &check_http_req(\$furl,$hostname);
if (($usehttp) && ($hostname ne '')) {
$furl='http://'.$hostname.$furl;
} else {
@@ -481,7 +483,7 @@
$id=$hash{'map_pc_'.&Apache::lonnet::clutter($murl)}.'.'.$id;
$newloc=$hash{'src_'.$id};
if ($newloc) {
- $usehttp = &check_http_req(\$newloc);
+ $usehttp = &check_http_req(\$newloc,$hostname);
if ($hash{'encrypted_'.$id}) {
$newloc=&Apache::lonenc::encrypted($newloc);
}
@@ -623,7 +625,7 @@
# ------------------------------------- Check for and display critical messages
my ($redirect, $url) = &Apache::loncommon::critical_redirect(300,'flip');
unless ($redirect) {
- my $usehttp = &check_http_req(\$redirecturl);
+ my $usehttp = &check_http_req(\$redirecturl,$hostname);
if (($usehttp) && ($hostname ne '')) {
$url='http://'.$hostname.$redirecturl;
} else {
@@ -690,7 +692,7 @@
ENDSTART
foreach my $id (@possibilities) {
my $src = $multichoicehash{'src_'.$id};
- my $usehttp = &check_http_req(\$src);
+ my $usehttp = &check_http_req(\$src,$hostname);
if (($usehttp) && ($hostname ne '')) {
$src = 'http://'.$hostname.$src;
}
More information about the LON-CAPA-cvs
mailing list