Currently, http:// is hardcoded in the constructor of AmazonS3StreamWrapper. To avoid warnings about insecure URLs, I would like to be able to change this to https://. I can make a patch for this if you want.

CommentFileSizeAuthor
#16 serve-files-over-ssl-1555086-16.patch9.09 KBjustafish
#15 serve-files-over-ssl-1555086-15.patch9.03 KBjustafish
#14 serve-files-over-ssl-1555086-14.patch9.36 KBjustafish
#12 amazons3-always-ssl-presigned-1555086-12.patch1.7 KBj.branson
#11 amazons3_https-protocol-support_1555086-11.patch1.06 KBbkonetzny
#8 1555086-8-s3-protocol-support.patch954 bytesgeerlingguy
#7 1555086-7-s3-protocol-support.patch823 bytesgeerlingguy
#1 amazons3-https-1555086-1.patch2.13 KBJorrit

Comments

Jorrit’s picture

Jorrit commented
Status: Active » Needs review
StatusFileSize
new amazons3-https-1555086-1.patch2.13 KB

Here is a patch for this feature.

tomfilepp’s picture

tomfilepp commented

You saved the day, thanks for this.

alfaguru’s picture

alfaguru commented

I think it would be better to use protocol relative URLs and avoid any requirement for an extra variable. We serve some pages over SSL and some not, so the approach in the above patch won't help us. Here's how this can be done, instead:

--- a/sites/all/modules/contrib/amazons3/AmazonS3StreamWrapper.inc
+++ b/sites/all/modules/contrib/amazons3/AmazonS3StreamWrapper.inc
@@ -98,14 +98,14 @@ class AmazonS3StreamWrapper implements DrupalStreamWrapperInterface {
     if (variable_get('amazons3_cname', 0)) {
       $domain = variable_get('amazons3_domain', '');
       if(strlen($domain) > 0) {
-        $this->domain = 'http://' . $domain;
+        $this->domain = '//' . $domain;
       }
       else {
-        $this->domain = 'http://' . $this->bucket;
+        $this->domain = '//' . $this->bucket;
       }
     }
     else {
-      $this->domain = 'http://' . $this->bucket . '.s3.amazonaws.com';
+      $this->domain = '//' . $this->bucket . '.s3.amazonaws.com';
     }

     // Check whether local file caching is turned on
Jorrit’s picture

Jorrit commented

That is also fine for me, thanks for improving on the patch.

tripper54’s picture

tripper54 commented

I'm wondering if this should change the URL for https from

[bucket-name].s3.amazonaws.com

to

s3.amazonaws.com/[bucket-name]

Reason being if your bucket has dots in the name (eg files.mydomain.com) then amazon's *.s3.amazonaws.com certificate will not validate.

Or did you guys figure out another way around this problem?

geerlingguy’s picture

geerlingguy commented

Marked #1741992: Support serving content over ssl as a duplicate.

Also, to tripper54/#5: Please see #1673888: Error with bucket names containing dots (.) over SSL.

geerlingguy’s picture

geerlingguy commented
StatusFileSize
new 1555086-7-s3-protocol-support.patch823 bytes

A patch-ified version of #3 attached.

geerlingguy’s picture

geerlingguy commented
Title: Add option to use https:// for external urls » Serve files over SSL (https://) protocol if page is served via SSL.
StatusFileSize
new 1555086-8-s3-protocol-support.patch954 bytes

Updating title, new patch. Looking into this further, I found that emails (specifically) and other non-web contexts require an explicit protocol definition (like http://), and don't work with a simple //. Therefore, the attached patch detects whether the current page is being served over SSL or non-SSL, and defines the protocol appropriately.

[Edit: Of course, I hadn't tested this patch before posting it... therefore I didn't realize it didn't work :P. Back to patch in comment above until a better way can be found.]

davidwbarratt’s picture

davidwbarratt commented

Shouldn't you use $is_https instead of the $_SERVER super global?

Thanks!

davidwbarratt’s picture

davidwbarratt commented
Status: Needs review » Needs work

I tested the most recent patch and it works! The only thing that probably should be changed is using the $is_https unless someone has a reason why using the global is a bad idea in this context?

Thanks!

bkonetzny’s picture

bkonetzny commented
Status: Needs work » Needs review
StatusFileSize
new amazons3_https-protocol-support_1555086-11.patch1.06 KB

Attached patch uses the same logic Drupal core uses to set the current scheme (http or https) based on the $is_https global.

j.branson’s picture

j.branson commented
Issue summary: View changes
StatusFileSize
new amazons3-always-ssl-presigned-1555086-12.patch1.7 KB

This builds on #11 to permanently add https support for pre-signed and torrent urls as it seems if it is a pre-signed url then it should be served via https no matter. Uses AWS get_object_url $opts array().

justafish’s picture

justafish
she/her
Primary language English
Location London, UK
commented
Status: Needs review » Needs work

I would prefer the solution in #3

I don't think presigned and torrented URLs should be hardcoded to use ssl

justafish’s picture

justafish
she/her
Primary language English
Location London, UK
commented
Status: Needs work » Needs review
StatusFileSize
new serve-files-over-ssl-1555086-14.patch9.36 KB

please review!

justafish’s picture

justafish
she/her
Primary language English
Location London, UK
commented
StatusFileSize
new serve-files-over-ssl-1555086-15.patch9.03 KB

eww, whitespace

justafish’s picture

justafish
she/her
Primary language English
Location London, UK
commented
StatusFileSize
new serve-files-over-ssl-1555086-16.patch9.09 KB

Fix some warnings when using "*" as the path

justafish’s picture

justafish
she/her
Primary language English
Location London, UK
commented
Status: Needs review » Fixed

committed
https://github.com/justafish/amazons3/commit/04891ba2f9907523fc7b3098a17...

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.