If an admin concludes his list of pages to secure with a blank line (e.g. by hitting enter after the last page on the securepages_secure list), the site's root page (e.g. /) will be identified as needing to be secure. This occurs because the path variable will be set to null, which will match up against the blank line in the securepages_secure list. The Secure Pages module will redirect to https, and append the site_frontpage drupal variable to the path. Chances are, this path will not be included in the securepages_secure list, so the site will redirect back down to http, leaving the site_frontpage path appended on.
This is problematic for several reasons: it causes problems with SEO, it slows the loading of the site's homepage, and it adds unnecessary load on the server.
It can be corrected by adding a trim() function call when retrieving the securepages_page variable (and probably the securepages_ignore variable) in the securepages_match function:
$pages = trim(variable_get('securepages_pages', "node/add*\nnode/*/edit\nuser/*\nadmin*"));
$ignore = trim(variable_get('securepages_ignore', "*/autocomplete/*\n*/ajax/*"));
Other modules require the <front> string to reference the frontpage, so removing any blank lines should not eliminate the ability to secure the frontpage, assuming you are providing that option.
Comments
Comment #1
digitalfrontiersmediaI was experiencing an issue where it seemed that all site pages would seem to redirect to https. Upon further testing, it then appeared that it did so somewhat randomly--redirecting sometimes and sometimes not. Came across this posting and checked and sure enough I had an extra blank line at the end of my list of secure pages. Removing it seems to have cured the issues.
Thanks so much for posting this! I thought I was just losing my mind.
Comment #2
royerd commentedIndeed. that was the problem for me too. Remove that return at the end of the line.
Comment #3
sanduhrsMarking this issue as a duplicate of #420712: Front page toggles between HTTP and HTTPS, as the other issue has a patch attached.