diff options
author | Joey Hess <joeyh@joeyh.name> | 2018-01-05 11:40:18 -0400 |
---|---|---|
committer | Joey Hess <joeyh@joeyh.name> | 2018-01-05 11:59:35 -0400 |
commit | a79ab9ed186112056d7f60e41e8d0760c2cc13f5 (patch) | |
tree | cd0bb678038afd22e54b875dd19e13405a5719a5 /IkiWiki.pm | |
parent | 71064e3af6638616659ed1319ec78f9692ba9fde (diff) | |
download | ikiwiki-a79ab9ed186112056d7f60e41e8d0760c2cc13f5.tar ikiwiki-a79ab9ed186112056d7f60e41e8d0760c2cc13f5.tar.gz |
add and use cgiurl_abs_samescheme
* emailauth: Fix cookie problem when user is on https and the cgiurl
uses http, by making the emailed login link use https.
* passwordauth: Use https for emailed password reset link when user
is on https.
Not entirely happy with this approach, but I don't currently see a
better one.
I have not verified that the passwordauth change fixes any problem,
other than the user getting a http link when they were using https.
The emailauth problem is verified fixed by this commit.
This commit was sponsored by Michael Magin.
Diffstat (limited to 'IkiWiki.pm')
-rw-r--r-- | IkiWiki.pm | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm index 1eda16da1..0d87242eb 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -1232,6 +1232,19 @@ sub cgiurl_abs (@) { URI->new_abs(cgiurl(@_), $config{cgiurl}); } +# Same as cgiurl_abs, but when the user connected using https, +# will be a https url even if the cgiurl is normally a http url. +# +# This should be used for anything involving emailing a login link, +# because a https session cookie will not be sent over http. +sub cgiurl_abs_samescheme (@) { + my $u=cgiurl_abs(@_); + if (($ENV{HTTPS} && lc $ENV{HTTPS} ne "off")) { + $u=~s/^http:/https:/i; + } + return $u +} + sub baseurl (;$) { my $page=shift; |