Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Currently, the site logo links to the front page without a full absolute link (eg. /
instead of https://www.example.com/
).
Using a full absolute link can be required in some cases, for example when using a page as a template that is parsed through an external site. This is used particularly in "dynamic templates" used by payment service providers such as Ogone which can be used as payment method for Drupal Commerce through modules such as Commerce Ogone.
Comment | File | Size | Author |
---|---|---|---|
#1 | adaptivetheme_2224961.patch | 1.47 KB | roball |
Comments
Comment #1
roball CreditAttribution: roball commentedAttached patch implements this feature.
Comment #2
Jeff Burnz CreditAttribution: Jeff Burnz commentedHow does this play with https? I mean this uses http, but what happens if your site is using https?
Comment #3
roball CreditAttribution: roball commentedIt is absolutely working fine with https. It automatically uses the protocol (http or https) the site is currently on.
Comment #4
Jeff Burnz CreditAttribution: Jeff Burnz commentedWell, OK, what is the setup there, are you using $conf['https'] = TRUE; (mixed mode) and Secure pages module, SSL cert (I don't get a green bar or anything) etc?
I don't really know that much about this stuff really and I've been down this road a few times and been caught out, last thing I want is Secure Pages and other similar modules coming back and telling me this is broken. I'm pretty weary of enforcing protocols.
I suppose I need to dig into the inner workings of the url() options and see exactly how these work, then I can be happy about it once I actually understand them. Reason I say this is because I am pretty sure "absolute" has a counter part "https", so I would wonder why there are two options.
Comment #5
roball CreditAttribution: roball commentedI neither have set
$conf['https'] = TRUE;
, nor use the Secure Pages module. Setting$conf['https']
toTRUE
is bad (a security hole), since it would allow authenticated user's traffic to be sent over plain http (in addition to https). Best practise is to allow authenticated user's traffic to be sent only over https.The 'https' option of url being set to
TRUE
only has an effect if$conf['https']
is set toTRUE
. Then it enforces links to be generated as https, even if on actual http pages. If not defined, the current scheme is used, so the user stays on HTTP or HTTPS respectively - this is why setting the 'absolute' option toTRUE
and NOT setting 'https' generates links beginning with http:// or https:// respectively, depending on the current scheme. That's absolutely safe.Comment #6
roball CreditAttribution: roball commentedComment #7
Jeff Burnz CreditAttribution: Jeff Burnz commentedI think this is something a site should do if for some reason they need to, by default all links in Drupal core are relative, I'm not sure why a theme should override core in this way.