Problems with URLs generated by gallery


Jon Schewe

Dec 21, 2024, 1:24:23 PM
to gallery...@googlegroups.com
I have gallery set up with Apache behind HAproxy.

When trying to add an album I see the following in my web browser console:
Blocked loading mixed active content “http://HOSTNAME/GALLERY/modules/gallery/js/albums_form_add.js”

Ideally this URL reference would not be absolute, however I have yet to figure out how to modify the code to do that properly. The code is
    $form->script("")
        ->url(url::abs_file("modules/gallery/js/albums_form_add.js"));

Watching the traffic between haproxy and apache I see that the standard forwarded for headers are present stating that this is an https connection:

host: HOSTNAME
user-agent: Mozilla/5.0 (X11; Linux x86_64; rv:133.0) Gecko/20100101 Firefox/133.0
accept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5
accept-language: en-US,en;q=0.5
accept-encoding: gzip, deflate, br, zstd
sec-fetch-dest: image
sec-fetch-mode: no-cors
sec-fetch-site: same-origin
priority: u=6
pragma: no-cache
cache-control: no-cache
te: trailers
x-forwarded-proto: https
x-forwarded-host: HOSTNAME
x-forwarded-for: CLIENT_IP
connection: close  

What I'm not sure of is which method here is at fault and how to make the method behave and use "https" instead of "http".

I've tried adding "SetEnv SITE_PROTOCOL https" to my Apache2 configuration and that didn't help. 
I tried modifying application/config/config.php to explicitly set site_protocol to https and that broke a bunch of things as I found lots of URLs pointing to https://HOSTNAME:80, which is very wrong.

I tried changing the code to use url::file instead of url::abs_file and that gave me javascript errors.

Anyone have suggestions on how to make this work?

David and Jackie Armstrong

Dec 22, 2024, 7:19:17 AM
to gallery...@googlegroups.com
Jon,

Can you use your browser settings to force use of secure connections, as these warnings are from your browser? For example for Chrome:

  1. HTTPS-only in Chrome is available for both desktop and mobile in Chrome 94.
  2. Settings > Privacy and security > Security > Scroll to bottom > Toggle “Always use secure connections”

Regards,

David Armstrong.

--
WHEN USING AN EMAIL PROGRAM to reply to this message, click REPLY TO LIST or REPLY TO ALL so your reply goes out to everyone in the group. If you click REPLY or REPLY TO SENDER Google will *only* send your reply to the original author (not recommended).
 
To post a NEW MESSAGE to the group, send an new email to:
gallery...@googlegroups.com
 
To view or sign in to this group on the web, use this URL:
https://groups.google.com/forum/#!forum/gallery-3-users
---
You received this message because you are subscribed to the Google Groups "Gallery 3 Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to gallery-3-use...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/gallery-3-users/d4c07b40969591317c07e00351be4f077a3ef0de.camel%40mtu.net.

Adrian London

Dec 23, 2024, 10:20:33 AM
to Gallery 3 Users
My guess is that this is an issue with HAproxy.  My site is hosted, so I've no idea about proxies, load balancers etc.

Your code using "url::abs_file" looks correct. 

Looking at my G3 code .....

in modules/gallery/helpers/MY_url.php
    static function abs_file($path)
    {
        return url::base(FALSE, request::protocol()) . $path;
    }

in module/gallery/helpers/album.php
        $form->script("")
            ->url(url::abs_file("modules/gallery/js/albums_form_add.js"));

So same as yours, and in my case everything stays happily with https.

--
Adrian


Jon Schewe

Dec 23, 2024, 10:27:46 AM
to gallery...@googlegroups.com
I'm guessing that gallery isn't current enough to know about checking headers that are set by proxy servers for this kind of thing. I noticed that all of this logic for checking URLs is custom by gallery rather than using something from php libraries, so unless someone has taken the time to update the code for the header checks, I think it's going to be a problem.

Jon Schewe

Dec 23, 2024, 10:55:46 AM
to gallery...@googlegroups.com
I spent some more time on it this morning and figured out how to make it work. PR is in https://github.com/bwdutton/gallery3/pull/33
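
The thread traces the http:// URLs to the URL helper not consulting the headers set by the proxy. The PHP below is an added example, not Gallery 3 code and not the change in the linked pull request: it derives the external scheme and port from X-Forwarded-Proto, but only when the connection comes from the proxy's address. TRUSTED_PROXIES, SITE_HOST, the function names and all addresses are assumptions.

```php
<?php
// Added example, not Gallery 3 code: names and addresses below are hypothetical.
const TRUSTED_PROXIES = ['127.0.0.1', '192.0.2.10']; // address(es) HAProxy connects from
const SITE_HOST = 'gallery.example';                 // configured, not taken from the request

// Returns [scheme, port] as the browser sees them; port is null when the
// scheme's default port applies.
function external_origin(array $server): array
{
    $https = strtolower($server['HTTPS'] ?? '');
    if ($https !== '' && $https !== 'off') {
        // TLS terminates on this web server, so its own port is the public one.
        return ['https', (int) ($server['SERVER_PORT'] ?? 443)];
    }
    $peer = $server['REMOTE_ADDR'] ?? '';
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    // Any client can send X-Forwarded-Proto, so honor it only when the TCP
    // peer is the proxy. Assumes the proxy overwrites the header with one value.
    if (in_array($peer, TRUSTED_PROXIES, true) && in_array($proto, ['http', 'https'], true)) {
        // SERVER_PORT is the backend port (80) here; combining it with the
        // forwarded https scheme would give https://HOST:80, so it is dropped.
        return [$proto, null];
    }
    return ['http', (int) ($server['SERVER_PORT'] ?? 80)];
}

function external_base_url(array $server): string
{
    [$scheme, $port] = external_origin($server);
    $default = $scheme === 'https' ? 443 : 80;
    $suffix = ($port === null || $port === $default) ? '' : ':' . $port;
    return $scheme . '://' . SITE_HOST . $suffix . '/';
}

// Constructed $_SERVER samples (not captured traffic).
$samples = [
    'via proxy' => ['REMOTE_ADDR' => '192.0.2.10', 'SERVER_PORT' => '80',
                    'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct client sending the header' => ['REMOTE_ADDR' => '203.0.113.7', 'SERVER_PORT' => '80',
                    'HTTP_X_FORWARDED_PROTO' => 'https'],
    'direct TLS on 8443' => ['REMOTE_ADDR' => '203.0.113.7', 'SERVER_PORT' => '8443',
                    'HTTPS' => 'on'],
];
foreach ($samples as $label => $server) {
    echo $label, ': ', external_base_url($server), 'modules/gallery/js/albums_form_add.js', PHP_EOL;
}
```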

Adrian London

Dec 23, 2024, 6:33:26 PM
to Gallery 3 Users
Well spotted, Jon!

