Here's the scenario:

"Default front page" is set to something like "node/123" under Administer -> Site configuration -> Site information.

Secure Pages has "Switch back to http pages when there are no matches" turned on.

Now, say I'm viewing a page I've told Secure Pages to secure (https://example.com/secure/some_page) and from that page, I click on a link to my home page, which is not set to be secured (link would be to https://example.com/). Instead of Secure Pages redirected me to http://example.com/ it redirects to http://example.com/node/123. It should not do that.

Secure Pages seems to be using an internal Drupal path to redirect to, instead of just using the request URI. So, a similar problem could occur in other situations as well.

Comments

grendzy’s picture

Status: Active » Closed (won't fix)

The 5.x branch is no longer supported. If this issue is still present in a current version of Secure Pages, please update the issue summary, change the version field, and re-open the issue.