authorSimon McVittie <smcv@debian.org>2014-10-05 22:56:55 +0100
committerSimon McVittie <smcv@debian.org>2014-10-05 23:49:37 +0100
commitd712389ae3e8351c1416aa81d4b85586cf98f002 (patch)
tree061c5a01b27288baa7b90d96fab19dd1513ee3bd /IkiWiki.pm
parent5014a091ba14a6ecf05cfc5f5ae67331b506b348 (diff)
Avoid mixed content when cgiurl is https but url is not
Diffstat (limited to 'IkiWiki.pm')
-rw-r--r--IkiWiki.pm22
1 files changed, 21 insertions, 1 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm
index c1518a2ae..38b91ae1d 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -613,7 +613,26 @@ sub checkconfig () {
$local_cgiurl = $cgiurl->path;
- if ($cgiurl->scheme ne $baseurl->scheme) {
+ if ($cgiurl->scheme eq 'https' &&
+ $baseurl->scheme eq 'http') {
+ # We assume that the same content is available
+ # over both http and https, because if it
+ # wasn't, accessing the static content
+ # from the CGI would be mixed-content,
+ # which would be a security flaw.
+
+ if ($cgiurl->authority ne $baseurl->authority) {
+ # use protocol-relative URL for
+ # static content
+ $local_url = "$config{url}/";
+ $local_url =~ s{^http://}{//};
+ }
+ # else use host-relative URL for static content
+
+ # either way, CGI needs to be absolute
+ $local_cgiurl = $config{cgiurl};
+ }
+ elsif ($cgiurl->scheme ne $baseurl->scheme) {
# too far apart, fall back to absolute URLs
$local_url = "$config{url}/";
$local_cgiurl = $config{cgiurl};
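Review bot: The substitution `s{^http://}{//}` in the new https/http branch is case-sensitive, while the branch is selected by `$baseurl->scheme eq 'http'`. If `$baseurl` is a URI object, as the `->scheme` and `->authority` calls suggest, the scheme is compared in lower case, so a configured url such as `HTTP://host/` would enter the branch but keep its absolute http prefix. The https CGI pages would then reference static content over plain http, which is the mixed content this change is meant to avoid; `$local_url =~ s{^http://}{//}i;` closes that gap. Separately, `authority` includes any explicit port, so the comment could note that a url with a port yields `//host:port/`, which must also answer https. checkconfig starts and ends outside this hunk, so the initial value of `$local_url` in the host-relative case is not visible here.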
@@ -626,6 +645,7 @@ sub checkconfig () {
$local_cgiurl = $config{cgiurl};
$local_cgiurl =~ s{^https?://}{//};
}
+ # else keep host-relative URLs
}
$local_url =~ s{//$}{/};