diff options
author | Brion Vibber <brion@pobox.com> | 2010-12-16 17:02:02 -0800 |
---|---|---|
committer | Brion Vibber <brion@pobox.com> | 2010-12-16 17:02:02 -0800 |
commit | 46d9496ee690f6719feb87cb220105fdaf0dcca3 (patch) | |
tree | 48e5879a2fa2d87d29c970a9fd941e9648390675 /install.php | |
parent | 532178e3ee455218338b619c6cd35089db16ade5 (diff) |
Tickets #2112, 2333, 1677, 2362, 2831: fix AJAX form posting on SSL page views with ssl=sometimes
These have been failing for ages due to our outputting full URLs all the time, usually with the default protocol instead of the current one.
Forms would get output with an http: URL in their contents even when destined for an HTTPS page; while a regular form submission would just warn you about the secure->insecure transition, the AJAX code was failing outright and then not bothering to fall back to the regular submission.
I found it was easy to detect the mismatch -- just check the target URL and the current page's protocol before submitting.
Since failing over to non-AJAX submission to the HTTP URL throws up a warning, I figured it'd be easier (and much nicer for users) to just let it rewrite the target URL to use the secure protocol & hostname before doing the final submit.
This check is now automatically done for anything that calls SN.U.FormXHR() -- making most of our buttons on notices and profile/group headers work naturally.
The notice form setup code also runs the rewrite, which gets posting working without an error dialog.
I'd prefer in the long run to simply use relative URLs in most of our output; it avoids this problem completely and lets users simply stay in the current protocol mode instead of being constantly switched back to HTTP when clicking around.
(Note that folks using the SSLAlways extension to Firefox, for instance, will have their browsers constantly sending them back to HTTP pages, mimicking the desired user experience even though we haven't fully implemented it. These folks are likely going to be a lot happier with forms that submit correctly to go along with it!)
Diffstat (limited to 'install.php')
0 files changed, 0 insertions, 0 deletions