Autocomplete problem

Liberation - December 11, 2008 - 00:26
Project: Secure Pages
Version: 6.x-1.7-beta2
Component: Code
Category: support request
Priority: normal
Assigned: Unassigned
Status: closed
Description

I've been having problems with securepages: when logged in and continuing in https secure mode, autocomplete on user fields does not work, i.e. when overriding the "Authored by:" field on node input. The reason is that the HTML code generated uses an insecure connection, and this violates "same-domain" JavaScript rules. In FF 3.0.4 when I put a "C" in that field I get:

Security Error: Content at https://www.thenvfa.org/node/add/story may not load data from http://www.thenvfa.org/user/autocomplete/C.
Error:
uncaught exception: [Exception... "Access to restricted URI denied"  code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)"  location: "https://www.thenvfa.org/misc/jquery.js?p Line: 13"]

and something similar happens in IE6. I can fix this in /includes/form.inc where the absolute reference is generated. A patch for R6.6 to do this is attached, but I'm not really sure that is the right way. Views?

Attachment: file.inc_.r6.6.https_.patch (797 bytes)

#1

Liberation - December 11, 2008 - 00:30

I should add my securepages settings are:

Make secure only:
node/add*
node/*/edit
user/*
admin*
contact

Ignore:
*/autocomplete/*

"Switch back" is off and the two base URLs are blank.

#2

gordon - December 11, 2008 - 02:00

I found that there was a difference between the defaults for the settings page and other pages. So reset your settings and it should fix the problem.

#3

Liberation - December 11, 2008 - 02:57

I tried your suggestion, but it made no difference. I have however identified what I think is the root of the problem. Because of various Apache directory and rewrite issues, I have to have the following line in my /sites/default/settings.php:

$base_url = 'http://www.thenvfa.org';  // NO trailing slash!

Now, if I change the http: to https: the autocomplete works successfully. However, this means that many page accesses are forced to be via https: even when not strictly necessary. It is not possible to omit the protocol part of the URL. Is there any way to extend the definition of $base_url to pick up the current operative protocol? I've also tried setting the appropriate full URIs into the Non-secure Base URL: and Secure Base URL: entry fields and it makes no improvement.

#4

gordon - December 11, 2008 - 05:11
Category: bug report » support request

Make sure both the "Secure Base URL: " and "Non-secure Base URL: " are correct on the secure pages settings page.

#5

Liberation - January 1, 2009 - 18:26

Re #4, yes, I have done that and it makes no difference to this issue. You can test this easily yourself by simply setting your $base_url in /sites/default/settings.php as in #3 to your home URL (making sure it uses http://). Then try the autocomplete function, e.g. by editing a node and blanking out the Author field and typing a letter. It's useful to have the FF Error Console open when doing this.

#6

Liberation - January 5, 2009 - 13:33
Category: support request » bug report

#7

chadhester - July 2, 2009 - 21:26

This is a hack, but I changed the Ignore line that read "*/autocomplete/*" to "*autocomplete*". This got rid of an issue I've had with every other query returning an "HTTP error 302" alert. Yes, strangely, only every other query submission generated this error, while the opposite moments return a successful autocomplete list. The above hack cleared up my issues. I am considering naming my autocomplete path something else more unique and reverting the Ignore settings. Right now I have an "autocomplete/userlist" and "autocomplete/courselist".

Anyway, I hope this helps someone else, since it took me a good hour to figure out that this had something to do with the Secure Pages module.

#8

gordon - July 18, 2009 - 13:14
Category: bug report » support request
Status: active » fixed

This is not a hack. This is by design, since autocomplete can be called from both secure and insecure pages. So what the ignore does is not switch between secure and insecure, so an autocomplete from a secure page will remain secure, whereas it will stay insecure if it is called from an insecure page.
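
The Ignore behaviour discussed in #7 and #8, as an added example that is not part of the original thread or of the Secure Pages code. It assumes Drupal-style path patterns (one per line, `*` as the wildcard, whole path must match); the function names, the simplified decision model and the enabled "Switch back" setting are hypothetical and constructed for illustration.

```php
<?php
// Added example, not Secure Pages code. Assumption: patterns are one per
// line, "*" matches any run of characters, and the whole path must match.
function pattern_list_matches($path, $patterns) {
  foreach (preg_split('/\r\n?|\n/', trim($patterns)) as $pattern) {
    $pattern = trim($pattern);
    if ($pattern === '') {
      continue;
    }
    // Escape regex metacharacters, then turn the escaped "*" back into ".*".
    $regex = '/^' . str_replace('\*', '.*', preg_quote($pattern, '/')) . '$/';
    if (preg_match($regex, $path)) {
      return TRUE;
    }
  }
  return FALSE;
}

// Simplified model of the decision described in #8: an ignored path is never
// switched, so it keeps the scheme of the request that reached the server.
function scheme_decision($path, $is_https, $secure, $ignore, $switch_back) {
  if (pattern_list_matches($path, $ignore)) {
    return 'stay';
  }
  if (pattern_list_matches($path, $secure)) {
    return $is_https ? 'stay' : 'redirect to https';
  }
  return ($is_https && $switch_back) ? 'redirect to http' : 'stay';
}

// "Make secure only" list from #1; paths from the description and #7.
$secure = "node/add*\nnode/*/edit\nuser/*\nadmin*\ncontact";
$paths = array('user/autocomplete/C', 'autocomplete/userlist', 'autocomplete/courselist');

foreach (array('*/autocomplete/*', '*autocomplete*') as $ignore) {
  echo "Ignore: $ignore\n";
  foreach ($paths as $path) {
    foreach (array(TRUE, FALSE) as $is_https) {
      // "Switch back" enabled here is a constructed setting, to show both directions.
      $result = scheme_decision($path, $is_https, $secure, $ignore, TRUE);
      printf("  %-5s %-24s -> %s\n", $is_https ? 'https' : 'http', $path, $result);
    }
  }
}
```

Under these assumptions, `autocomplete/userlist` and `autocomplete/courselist` are covered only by `*autocomplete*`, because `*/autocomplete/*` requires a `/` before `autocomplete`.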

#9

System Message - August 1, 2009 - 13:20
Status: fixed » closed

Automatically closed -- issue fixed for 2 weeks with no activity.

 
 
