I have found out today that if you visit an EE site that uses the {site_url} tag in the path of the css link in the document head, that the site can not load the CSS file if you type in https rather than http.
I have got round this by using a htaccess file to force onto the http, but I just wondered if there was a setting within EE that you can change to make both work?
This only happened on Chrome and IE, I am guessing depends what your browser is set up to allow security wise.
I got some great help on this problem previously. I hope it's useful to you now, too.
Few people know that you can use protocol-relative URL's for assets
Example:
<link rel="stylesheet" href="//www.site.com/site.css">
<script type="text/javascript" src="//www.site.com/site.js"></script>
If the browser is viewing an page in SSL through HTTPS, then it'll request that asset with the https protocol, otherwise it'll request it with HTTP.
This prevents that awful "This Page Contains Both Secure and Non-Secure Items" error message in IE, keeping all your asset requests within the same protocol.
more info from here:
A relative URL without a scheme (http:
or https:) is valid, per RTF 3986:
Section 4.2. If a client chokes on it,
then it's the client's fault because
they're not complying with the URI
syntax specified in the RFC.
Your example is valid and should work.
I've used that relative URL method
myself on heavily trafficked sites and
have had zero complaints. Also, we
test our sites in Firefox, Safari,
IE6, IE7 and Opera. These browsers all
understand that URL format
When I load CSS and JS I never use the domain I just set it relatively. for example:
<link rel="stylesheet" href="/layout/styles/layout.css" >
If you try this does that work?
You can use PHP in your system/expressionengine/config/config.php file to set the {site_url} configuration, including protocol, dynamically. Something like this:
// Detect protocol and server host
$protocol = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https://" : "http://";
$base_url = $protocol . $_SERVER['HTTP_HOST'];
// Set EE index page
$config['index_page'] = "";
// Set base and site URL
$config['base_url'] = $base_url . "/" . $config['index_page'];
$config['site_url'] = $config['base_url'];
You can build your theme paths, various image paths, upload paths, etc all from that basis in config.php. But $config['site_url'] is what affects the output of {path=""} and {stylesheet} tags.
For more ideas, see NSM's Config Bootstrap file or the article Configuring ExpressionEngine for multiple servers. For all the paths you can set in config.php, see EE2 Config Overrides
I use Nginx.
I don't know why but resources load significantly faster in various browsers if I use absolute URLs (the full path) instead of relative (/ to start the string at the domain as CreateSean said, // to start the string at the protocol as Deviarte said) (or is it that they load slower with relative URLs? I don't know.). Ergo, neither of their solutions/practices (both things that I used to do...and still do) are preferable for my environments these days.
Instead what I did is the following in the config.php:
$config['base_url'] = $_SERVER["scheme_url"];
$config['site_url'] = $_SERVER["scheme_url"];
Please note you may have to provide PHP with scheme_url if it does not already exist. If like me you are using php-fpm just add this to your configuration as/where needed in your nginx site configuration(s):
fastcgi_param scheme_url "$scheme://$host/";
edit:
Looking around at bootstrap/configs and some use the method of prepending the protocol to the config variables (e.g. the comment by unexplainedBacn above). In Nginx by default there is no HTTPS server variable, in your virtual host configuration for php under ssl add the following:
fastcgi_param HTTPS on;
All,
Here is how I used Apache and the Config.php file to rewrite the URLs so as not to trigger 'non-SSL content warnings' from browsers. I'm still using the {path} and {stylesheet} variables in my templates because they're just too good to pass up :)
In Apache's htaccess file:
# Set an Apache 'site_url' variable to http when accessed via http:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ - [E=site_url:http://mysite.com]
# Set Apache 'site_url' variable to https when accessed via https
RewriteCond %{SERVER_PORT} 443
RewriteRule ^(.*)$ - [E=site_url:https://mysite.com]
Then in system/expressionengine/config.php
Add the following two lines to your code (make sure you haven't set these variables elsewhere in the config file)
$config['base_url'] = $_SERVER["site_url"];
$config['site_url'] = $_SERVER["site_url"];
As I understand it, the site_url variable is what EE uses to for {stylesheets} and {paths} in EE.
The proverbial 'One last thing':
If you're still getting the non-SSL warning, just view source and search for 'http://' in your source. These are the culprits. They're are hard coded links that are not being set with the base_url/site_url variables.
You'll need to locate those http calls in your posts/templates/variables/snippets and replace those calls with a simple //.
So a call to
http://example.com/some_file.html
should now look like this:
//example.com/some_file.html.
This works for absolute and relative URLs.
This is also true for the path you set to the EE file upload directories. Makes sure change the url of those directories to look like this
//example.com/path/to/your/upload/directory
And voila, you should be good to go :)
Related
In next.js that uses php-like approach - files in pages folder became url paths. Like /pages/reader.js will be loaded by url http://localhost/reader.
Problem is that i can't undersand how to use non-english url path in next.js?
Codesandbox example. (Update page to load from server)
Url example:
http://localhost/читатель
That changes internally by chrome to:
http://localhost/%D1%87%D0%B8%D1%82%D0%B0%D1%82%D0%B5%D0%BB%D1%8C
In next.js pages folder file named:
pages/читатель.tsx // not working
pages/%D1%87%D0%B8%D1%82%D0%B0%D1%82%D0%B5%D0%BB%D1%8C.tsx //working but i can't name files like that, i will not find what i need later.
Maybe php users resolved this somehow ;)
try to use encodeURI() of core javascript which can convert the specific characters to the required url form
const url=encodeURI('читатель.tsx');
console.log(url);//%D1%87%D0%B8%D1%82%D0%B0%D1%82%D0%B5%D0%BB%D1%8C.tsx
Then we can use this path to navigate
I am setting up a Node.JS application using express, and I want domain.tld/hey to serve the public/index/index.html folder on the server (also containing other files such as .css or .js files).
However, I DO NOT want domain.tld/hey/ to work (the / at the end is a problem for me) and in this case, I want to display a custom error page located at public/error/index.html on the server.
Finally, when accessing domain.tld or domain.tld/, I want to display a custom homepage located at public/home/index.html on the server.
To summerize:
domain.tld or domain.tld/ serves public/home/index.html
domain.tld/something serves public/index/index.html
domain.tld/something/ or domain.tld/some/thing serves public/error/index.html
I already tried using express.static('folder', { redirect: false }) but it doesn't display the index.html file and I can't get the other things to work.
I really don't know how to do it!
I fortunately don't have any code to show you guys as this is more a theorical problem, since I am beggining with expressjs.
Thank you very much in advance for your answers, and please don't hesistate to ask for more details if you need some!
I would like to use the swagger-ui dist 'as-is'...well almost as-is.
Pulled down the latest release from github (2.0.24) and stuck it in a folder in my app. I then server it out statically with express:
app.use('/swagger', express.static('./node_modules/swagger-ui/dist'));
That works as expected when I go to:
https://mydomain.com/swagger
However I want to populate the url field to my swagger json dynamically. IE I may deploy to different domains:
https://mydomain.com/api-docs
https://otherdomain.com/api-docs
And when I visit:
https://mydomain.com/swagger
https://otherdomain.com/swagger
I would like to dynamically set the url.
Is that possible?
Assuming the /api-docs (or swagger.json) are always on the same path, and only the domain changes, you can set the url parameter of the SwaggerUi object to "/path/to/api-docs" or "/path/to/swagger.json"instead of a full URL. That would make the UI load that path as relative to the domain the UI is hosted on.
For reference, I'm leaving the original answer as well, as it may prove useful in some cases.
You can use the url parameter to set the URL the UI should load.
That is, if you're hosting it under https://mydomain.com/swagger you can use https://mydomain.com/swagger?url=https://mydomain.com/api-docs and https://mydomain.com/swagger?https://otherdomain.com/api-docs to point at the different locations.
However, as far as I know, this functionality is only available at the current alpha version (which should be stable enough) and not with 2.0.24 that you use (though it's worth testing).
Another method would be to use the swagger-ui middleware located in the swagger-tool.
let swaggerUi = require('../node_modules/swagger-tools/middleware/swagger-ui');
app.use(swaggerUi(config.swagger));
The variable config.swagger contains the swagger.yaml or swagger.json. I have in my setting
let config = {
appRoot: __dirname,
swagger: require('./api/swagger/swagger.js')
};
Note: I am using the require('swagger-express-mw') module
You could try with this on index.html file of the swagger-ui... It works for me.
if (url && url.length > 1) {
url = decodeURIComponent(url[1]);
} else {
url = window.location.origin + "/path/to/swagger.json";
}
I want to be able to open pdfs that live in a folder at /app/somefile/file.pdf via apache like this http://mysite/app/somefile.file.pdf. I've tried adding a RewriteCond in CakePHP's .htaccess file:
RewriteCond %{REQUEST_URI} !^/app/somefolder/ - [L]
But just get a 500 error. What am I doing wrong?
Use this in your controller and use routes to access it the way you want, opening up other folders for the world is NOT a good idea
Sending files
There are times when you want to send files as responses for your requests. Prior to version 2.3 you could use Media Views to accomplish that. As of 2.3 MediaView is deprecated and you can use CakeResponse::file() to send a file as response:
public function sendFile($id) {
$file = $this->Attachment->getFile($id);
$this->response->file($file['path']);
//Return reponse object to prevent controller from trying to render a view
return $this->response;
`enter code here`}
As shown in above example as expected you have to pass the file path to the method. CakePHP will send proper content type header if it’s a known file type listed in CakeReponse::$_mimeTypes. You can add new types prior to calling CakeResponse::file() by using the CakeResponse::type() method.
If you want you can also force a file to be downloaded instead of being displayed in the browser by specifying the options:
$this->response->file($file['path'], array('download' => true, 'name' => 'foo'));
source: http://book.cakephp.org/2.0/en/controllers/request-response.html#cake-response-file
You could use an Apache alias to make the contents of that directory publicly accessible:
Alias /app/somefile /app/webroot/somefile
Place the above code in a server/virtual host config file, not .htaccess.
Make sure the web server user has read access to that directory.
you could just make a symlink to them, though your apache config may or may not be allowed to follow them.
I was able to do this buy only adding this to the .htaccess file in the root:
RewriteCond %{REQUEST_URI} !^/app/somefolder/
(My original version had a [L] which is incorrect, and that's why it wasn't working.)
Just in case anyone doesn't already know: this is not generally a secure thing to do. I have very specific reasons for doing this.
We have a legacy (classic asp) CRM that I maintain in my organization. Users may upload files through the web front, they are stored on a network share and the filename, uploader, etc is saved to a database. Everything is well and good with the exception of .config files.
For some reason certain people can download these just fine, but other people recieve this error:
The type of page you have requested is not served because it has been explicitly forbidden. The extension '.config' may be incorrect.
it would seem that on some users computers the link for the file is "file://networkshare/filename" (which works) and on other machines it is "http://networkshare/filename". (which doesn't work)
I have the mime type for .config set to text/plain in iss6. All users are running IE8.
The code on the page creates a href links based on records returned from the database.
Why then is there there the difference in the way the link is rendered differently in the same browser on different pc's? How do I allow .config files allowing people to view the sites web.config?
The code that builds the link is:
function getlink(file_nm,path)
{
thisPage.navigate.CheckDocumentAttachedToRequest(file_nm, path)
var sDocLink = path.replace(/\//g,"\\") + "\\" + file_nm;
return "<A class=\"parislink2\" TARGET=\"_BLANK\" HREF=\"\\\\" + thisPage.get_sServerName() + "\\" + sDocLink + "\">" + file_nm + "</A>";
}
Weird.
I know that IIS 6 will return error 404.3 if a client request refers to a file name extension that is not defined in the MIME types.
However you do have it defined. You can try as a test using the wildcard () in your mime types. ( for the file extension and text/plain for the mime type.) The wildcard can be a security risk but if you are serving up configs..perhaps this application and server are internal to your network and it would be ok to use the wildcard.
I would also check your ISAPI extensions (not filters, but extensions) and make sure .config
is still in there. It should be by default.
Defining a mime type at the global level in IIS should filter down through and override any mime types set at the folder level.
An IIS reset is needed everytime you change mime types.
Perhaps it is a browser issue?
(an issue on the client side for the links that do not work..an issue like "browser control".)
It is almost as if some of the browsers are interpreting your function correctly when the link is built..and others are substituting "http" instead of "file" as the protocol when they render the HTML from the function call. Perhaps you could hardcode your function to us "file:" as a string that is placed at the begining of your link code. (trying to overide any "http" string that gets place in there by the HTML sent back by the server or rendered by IE8.)
The wildcard was filtered out for security purposes in the above post. (wildcard = "an asterisk")