MyBB Community Forums

MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > ssl and friendly redirection
Full Version: ssl and friendly redirection
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

vbmybb

2010-11-23, 08:08 AM
Hi,

I have the same problem as described in the following thread:

http://community.mybb.com/thread-75513-page-1.html

i.e. using ssl on my 1.6.0 new installation with friendly redirection set to off, when login in I get redirected to https://forums.mysite.com/forums/https:/...com/forums, which of course returns a 404. Turning friendly redirection on works around the problem. I also have a 1.4.13 install which doesn't have this problem.

I don't really need friendly redirection. Is there a way to have 1.6.0 work with ssl without friendly redirection?

Thanks,
vb

Matt

2010-11-23, 09:51 AM
Probably related to this: [Issue #1070]

The new code is in my file, was fixed before 1.6 was released, if you've got this fixed code (you would do unless you're using a beta version) then I'd post on that ticket saying this problem still exists with https:// URLs for some reason.

vbmybb

2010-11-23, 10:27 AM
Thanks for the quick answer. I am running version 1.6.0, not a beta version. In [Issue #1070] it says that it checks whether $url has http:// in it, but not https://, could that be the problem?

Thanks

frostschutz

2010-11-23, 06:33 PM
https:// does not exist, as far as MyBB is concerned. It doesn't even automatically detect https:// links in postings Smile

http://www.google.de
https://www.google.de

http:// is hardcoded in several places, which may cause problems if you want to use https:// throughout.

global.php:241:if(substr($theme['imgdir'], 0, 7) == "http://")
portal.php:492:		if (!stristr($announcement['avatar'], 'http://'))
inc/functions.php:735:	$url = htmlspecialchars_uni("http://".$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI']);
inc/functions.php:818:		if(my_substr($url, 0, 7) !== 'http://')
inc/functions.php:2899:			if(my_substr($icon, 0, 1) != "/" && my_substr($icon, 0, 7) != "http://")

vbmybb

2010-11-24, 01:24 PM
I use mod_rewrite to redirect http to https which works fine except at login when friendly redirection is turned off.

frostschutz

2010-11-24, 01:35 PM
(2010-11-24, 01:24 PM)vbmybb Wrote: [ -> ]I use mod_rewrite to redirect http to https which works fine except at login when friendly redirection is turned off.

That would work too, except some browsers might complain getting redirected to http:// even if it's just for another redirection to https://

From a security standpoint, if someone can listen in to your traffic, the http:// -> https:// redirection alone tells them what URLs you are browsing. Whereas with pure https://, all they'd get is the domain name - and sometimes not even that, depends on whether the server name indication is being used or not.

So this is not a good solution...
MyBB Community Forums > Community Archive > Archived Forums > Archived Development and Support > MyBB 1.6 > 1.6 General Support > ssl and friendly redirection