Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
It appears the progress bar doesn't work with HTTPS.
My QA site is wrapped in SSL, but another instance is on http and on that one I get the progress bar. Both are on the same server/Apache/PHP/etc engine. So, although I'm not turning SSL off & on on the same exact instance, the two sites are otherwise mostly identical.
Comments
Comment #1
quicksketchI labored over this for a while today. You're right, the progress bar does not work with HTTPS/SSL. I setup my localhost with a self-signed certificate. Visiting http://localhost/node/add/file works with the progress bar just fine. The exact same page at https://localhost/node/add/file, the progress bar does not work.
I couldn't find any possible resources on getting the PECL uploadprogress extension or APC to work with SSL. I'm guessing it has something to do with the way SSL operates, that such compatibility isn't possible (or not currently supported). I'm not a server-guru though, so I can't claim that I know the reason why it doesn't work, or what to do to get it working.
I attempted to work-around the problem, by submitting the AJAX upload requests via HTTP instead of HTTPS, with the following rewrite rules:
The worked in rerouting the requests when you visit https://localhost/filefield/ahah, but it didn't do any good, since the the 302 redirect isn't supported by our AHAH library (it just returns an Apache 302 error page).
Comment #2
quicksketchWell... after some more testing, https suddenly started working. I haven't made any changes that I can find... restarting the server and checking out clean copies, trying in both Safari and Firefox... it still works. I guess it's encouraging to know it can work, but I have no idea what change made it start working.
Comment #3
mudd CreditAttribution: mudd commented@quicksketch --
When you say "https suddenly started working" -- do you mean with your workaround? I don't believe this will work for me because our site forces https by way of session authentication. It sounds like your environment will work with either http or https -- which is not the case for me.
I have server cert and private key SSL setup -- is there anything you'd have me look at as a test?
Comment #4
quicksketchYeah, that's the problem, I don't know what changed (nothing as far as I know). The workaround is not necessary. I've set up the site with a self-signed SSL certificate (no password though). So far I don't know what is necessary to make it work. It didn't work at all when I first set it up, then after 30 minutes or so it kicked in, I undid everything I changed and it keeps working (even after several restarts).
Comment #5
mudd CreditAttribution: mudd commentedIt turns out to be prototype.js which I use for tooltips (Prototip), and using Prototype and jQuery together.
(I recall a while back some jQuery stuff was not working on my views, and I resorted to changing a module's shorthand $() to longhand jQuery(). This same change didn't work for FileField due to other modules (views) using shorthand in forms. So rather than chase down a bunch of other modules I'll try to fix prototype or find another tooltip).
Comment #6
hadsie CreditAttribution: hadsie commentedI'm using the latest version of filefield and still having this issue... I'm not sure what #5 actually means. Is this ticket fixed, or do I need to upgrade one of my libraries to make it work? Also, I wasn't able to get the workaround in #1 working for me.
Comment #7
quicksketch@hadsie: Basically the issue with HTTPS and FileField is not actually a bug, you just need to make sure that FileField AJAX requests are done via HTTP instead of HTTPS. #1 is actually a working solution, as far as I know.
Comment #8
quicksketchComment #9
windm CreditAttribution: windm commentedHi there, although this issue is closed: Using the module "Secure Pages" makes it easy to define, that paths like filefield/* (or */autocomplete/* or */ajax/*) should be ignored. So it seems to me that the module somehow offers what is done via some code in #1.
At least it seems to work for me now adding the filefield/* to the "ignore pages" area of the secure pages module...
Comment #10
Francewhoa@All :) We are confirming this challenge with HTTPS and Drupal FileField module. Thanks to Stefan F. for his Discovery to confirming this.
Comment #11
Francewhoa@windm :) Thanks for your workaround in your comment #9 above :) I added it to this general documentation at https://www.drupal.org/node/793264#gen-faq---bar-stuck
We are facing the same challenge. For those not familiar with "Secure Pages" module, it is located at https://www.drupal.org/project/securepages
In other words, windm's workaround is using the securepages module you are able to force specific URL(s)/page(s) to use HTTP instead of HTTPS
Comment #12
Francewhoa@quicksketch :) Thanks for your rewrite rules workaround in your comment #1 above
I added your workaround to this general documentation at https://www.drupal.org/node/793264#gen-faq---bar-stuck