New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTP redirection in midst of a HTTPS context #4129
Comments
I cannot reproduce this, neither on one of my own wikis nor https://www.dokuwiki.org/ . Login and editing work with HTTPS only. |
(note : The problem only occurred on successful logins) Could it be a combination of my nginx settings & dokuwiki ? I can give you a "default dokuwiki" that I'd just pasted on my webserver if it can help pinpoint the issue (maybe not, I'm still trying to cope with the fact you couldn't reproduce it :<) |
I can reproduce your error on your https://t2.arzinfo.eu.org/doku.php?id=start Does your setup involve a proxy? What's your DW baseurl setting? |
Yes, at least, that's what I was trying to go for.
No proxy.
I defined no baseurl - but I just tried to set it up, and it seem to fix the problem when set. Now, I still believe it's a bit of an issue in the basurl guessing but as nobody beside me seem to be able to replicate it, it looks very niche. For "if anyone fall on the same thing and do some connection I don't" here's an extract of my nginx config
|
It seems the HTTPS environment variable isn't set. Which is curious. I guess we could also check for the protocol in the REQUEST_URI... Lines 535 to 547 in 5719588
|
Oh nice. Apparently the "is_ssl" is called 3 time on each page. The 3 $_SERVER output are exactly the same (I used diff to check). Also neither Are ever set (I'm confused too ! Everything works https without any https flag ?) Here is also the $SERVER difference between "normal POST request" and the after "pushing the send button while editing a dokuwiki" is this :
Also because nothing changes for is_ssl check, that condition is the one that triggers every time and return "false"
|
How to reproduce : set your firefox browser with dom.security.https_only_mode=true
As a result you'll get stopped : 1/after login 2/after editing a page or settings or enabling a mod with the error "NS_ERROR_REDIRECT_LOOP".
If you check that line you can see that, yes. A http request is made - even out of a HTTPS context.
The text was updated successfully, but these errors were encountered: