Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-5122

Use scheme relative links to support https

      We have the first steps of https support happening right now. In order to make that fully work we need to change all internal links (links served by musicbrainz-server that point to musicbrainz-server to be scheme relative. (e.g. start with // and not / )

          [MBS-5122] Use scheme relative links to support https

          Kuno Woudt added a comment -

          This is marked as "in beta testing" because the nginx config for our frontends shipped to beta, but we still need to set up certificates and configure the load balancers to actually enable https:// on beta.

          Kuno Woudt added a comment - This is marked as "in beta testing" because the nginx config for our frontends shipped to beta, but we still need to set up certificates and configure the load balancers to actually enable https:// on beta.

          Kuno Woudt added a comment -

          I've not bothered with scheme relative links as the tickets asks for. Instead, I've configured nginx to set HTTPS correctly, as ocharles describes.

          commit 08eb69fcf1081cd0adb4a75abac91a48633769a6 in musicbrainz server.
          commit 5215a888130a42d8e1a5cd9d950de2433f741db5 in the nginx configuration (test only).

          Kuno Woudt added a comment - I've not bothered with scheme relative links as the tickets asks for. Instead, I've configured nginx to set HTTPS correctly, as ocharles describes. commit 08eb69fcf1081cd0adb4a75abac91a48633769a6 in musicbrainz server. commit 5215a888130a42d8e1a5cd9d950de2433f741db5 in the nginx configuration (test only).

          If you add this line:

          fastcgi_param HTTPS on;

          Everything works correctly. X-Forwarded-Port is for a reverse-proxy situation, which we're not in as we use FastCGI. Setting this to 1 unconditionally means that we'll always force https, which might not be what we want.

          Oliver Charles added a comment - If you add this line: fastcgi_param HTTPS on; Everything works correctly. X-Forwarded-Port is for a reverse-proxy situation, which we're not in as we use FastCGI. Setting this to 1 unconditionally means that we'll always force https, which might not be what we want.

          Test has Catalyst 5.9, so that doesn't seem to be the problem.

          Oliver Charles added a comment - Test has Catalyst 5.9, so that doesn't seem to be the problem.

          Ian McEwen added a comment -

          Oliver: We are setting the catalyst variable, but we weren't setting the X-Forwarded-Port at the frontend. Unfortunately, it doesn't seem to have worked, at least yet – what version of Catalyst is test.musicbrainz.org running, I wonder?

          Ian McEwen added a comment - Oliver: We are setting the catalyst variable, but we weren't setting the X-Forwarded-Port at the frontend. Unfortunately, it doesn't seem to have worked, at least yet – what version of Catalyst is test.musicbrainz.org running, I wonder?

          jesus2099 added a comment -

          Thanks for the tip, Oliver ! That's interesting to know.

          jesus2099 added a comment - Thanks for the tip, Oliver ! That's interesting to know.

          @Ian: that's odd, we should be setting that to true anyway (as we do have a front end proxy).

          Oliver Charles added a comment - @Ian: that's odd, we should be setting that to true anyway (as we do have a front end proxy).

          Oliver Charles added a comment - It's perfectly valid - http://stackoverflow.com/questions/550038/is-it-valid-to-replace-http-with-in-a-script-src-http

          jesus2099 added a comment -

          I've never seen links starting with //.
          What is this (._.?) Do you have examples ?

          jesus2099 added a comment - I've never seen links starting with //. What is this (._.?) Do you have examples ?

          Ian McEwen added a comment -

          http://stackoverflow.com/questions/1664816/is-there-a-way-to-force-c-uri-for-in-catalyst-to-generate-a-uri-that-begins-wi seems to suggest how to make this work for c.uri_for, which is at least what our CSS/JS is done with.

          Ian McEwen added a comment - http://stackoverflow.com/questions/1664816/is-there-a-way-to-force-c-uri-for-in-catalyst-to-generate-a-uri-that-begins-wi seems to suggest how to make this work for c.uri_for, which is at least what our CSS/JS is done with.

            warp Kuno Woudt
            rob Robert Kaye
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Version Package
                Bug fixes, 2012-09-03