From: Jon Hallett <Jon.Hallett AT uwe.ac.uk>
Date: Fri, 27 Jul 2012 11:55:41 +0100
| Threading: | ↑ [EP-tech] Re: Problem with secured documents and differing from Jon.Hallett AT uwe.ac.uk • This Message |
Okay, so I think I've found the problem, and it is indeed related to the ↵
Screen::Logout problem we had.
I think the root cause of the problem is that, as with Screen::Logout, url_stem ↵
in EPrints::DataObj::Eprint uses get_conf( "http_url" ) rather than ↵
get_url( path => "static, host => 1 ):
sub url_stem
{
my( $self ) = AT _;
my $repository = $self->{session}->get_repository;
my $url;
#$url = $repository->get_conf( "http_url" );
# jjh, 27th july 2012, attempt to fix http/https secure documents
$url = $self->{session}->get_url( path => "static", ↵
host => 1 );
$url .= '/';
$url .= $self->get_value( "eprintid" )+0;
$url .= '/';
return $url;
}
With that change made (and a consequential change in ↵
DataObj::Document::get_thumbnail), everything appears fine.
We are running version 3.3.6. I see that 3.3.10 works slightly differently, ↵
with Document::get_url recoded to remove its dependency on EPrint::url_stem. ↵
However, it now uses config( "http_url" ) which I don't think will ↵
work in all cases.
The general problem appears to be that config( "http_url" ) doesn't ↵
always work in a configuration which uses different domains for http and https. ↵
Any chance of a code audit to convert the lot?
Thanks,
Jon
-----Original Message-----
From: Jon Hallett
Sent: 16 July 2012 14:01
To: 'eprints-tech AT ecs.soton.ac.uk'
Subject: RE: Problem with secured documents and differing
No takers from the developers for this one? And I thought it was an ↵
'interesting' one... Maybe something similar to the problem we saw with ↵
Screen::Logout (http://www.eprints.org/tech.php/16546.html)?
Thanks,
Jon
-----Original Message-----
Message: 2
Date: Tue, 3 Jul 2012 15:38:32 +0100
From: Jon Hallett <Jon.Hallett AT uwe.ac.uk>
Subject: [EP-tech] Problem with secured documents and differing
HTTP/HTTPS domain names?
To: "'eprints-tech AT ecs.soton.ac.uk' (eprints-tech AT ↵
ecs.soton.ac.uk)"
<eprints-tech AT ecs.soton.ac.uk>
Message-ID:
<361D6B1A2B6D194081955E94772543F279E099C842 AT ↵
EGEN-MBX01.campus.ads.uwe.ac.uk>
Content-Type: text/plain; charset="us-ascii"
I think we have a problem with secured documents when EPrints is configured to ↵
use different domain names for HTTP and HTTPS.
The background is that we have a server called http://researchdata.uwe.ac.uk ↵
over HTTP and https://eprints.uwe.ac.uk/datasecure over HTTPS. We've uploaded a ↵
document to a user buffer. When you click on the link to download the document ↵
from, say,
https://eprints.uwe.ac.uk/datasecure/cgi/users/home?screen=EPrint::View&eprintid=10#t
the browser goes into an infinite loop as shown by Live HTTP headers:
http://researchdata.uwe.ac.uk/10/1/Lorem%20ipsum.doc
GET /10/1/Lorem%20ipsum.doc HTTP/1.1
Host: researchdata.uwe.ac.uk
HTTP/1.1 302 Need to login first
Date: Tue, 03 Jul 2012 14:26:19 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: ↵
/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
----------------------------------------------------------
http://researchdata.uwe.ac.uk/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
GET ↵
/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc HTTP/1.1
Host: researchdata.uwe.ac.uk
HTTP/1.1 302 Found
Date: Tue, 03 Jul 2012 14:26:19 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: ↵
https://eprints.uwe.ac.uk/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
----------------------------------------------------------
https://eprints.uwe.ac.uk/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
GET ↵
/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc HTTP/1.1
Host: eprints.uwe.ac.uk
HTTP/1.1 302 Moved
Date: Tue, 03 Jul 2012 14:26:19 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: http://researchdata.uwe.ac.uk/10/1/Lorem%20ipsum.doc
If I manually change the document URL to ↵
http://eprints.uwe.ac.uk/datasecure/10/1/Lorem%20ipsum.doc, it works fine.
Have I misconfigured something? Or is this a consequence of using different ↵
domain names for HTTP and HTTPS? Anything that can be done about that?
Fortunately our main EPrints instance works fine. It uses eprints.uwe.ac.uk for ↵
both HTTP and HTTPS. We've only come across this when adding a second instance.
Thanks,
Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: ↵
http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20120703/e051c2e7/attachment.html
------------------------------
_______________________________________________
Eprints-tech mailing list
Eprints-tech AT ecs.soton.ac.uk
http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
End of Eprints-tech Digest, Vol 46, Issue 3
*******************************************
*** Options: http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
*** Archive: http://www.eprints.org/tech.php/
*** EPrints community wiki: http://wiki.eprints.org/