Currently, the site logo links to the front page without a full absolute link (e.g. / instead of https://www.example.com/).

Using a full absolute link can be required in some cases, for example when using a page as a template that is parsed through an external site. This is used particularly in "dynamic templates" used by payment service providers such as Ogone, which can be used as a payment method for Drupal Commerce through modules such as Commerce Ogone.

Comment: #1 | File: adaptivetheme_2224961.patch | Size: 1.47 KB | Author: roball

Comments

roball’s picture

Status: Active » Needs review

Attached patch implements this feature.

Jeff Burnz’s picture

How does this play with https? I mean this uses http, but what happens if your site is using https?

roball’s picture

It is absolutely working fine with https. It automatically uses the protocol (http or https) the site is currently on.

Jeff Burnz’s picture

Well, OK, what is the setup there, are you using $conf['https'] = TRUE; (mixed mode) and Secure pages module, SSL cert (I don't get a green bar or anything) etc?

I don't really know that much about this stuff really and I've been down this road a few times and been caught out, last thing I want is Secure Pages and other similar modules coming back and telling me this is broken. I'm pretty weary of enforcing protocols.

I suppose I need to dig into the inner workings of the url() options and see exactly how these work, then I can be happy about it once I actually understand them. Reason I say this is because I am pretty sure "absolute" has a counterpart "https", so I would wonder why there are two options.

roball’s picture

I neither have set $conf['https'] = TRUE;, nor use the Secure Pages module. Setting $conf['https'] to TRUE is bad (a security hole), since it would allow authenticated users' traffic to be sent over plain http (in addition to https). Best practice is to allow authenticated users' traffic to be sent only over https.

The 'https' option of url being set to TRUE only has an effect if $conf['https'] is set to TRUE. Then it enforces links to be generated as https, even if on actual http pages. If not defined, the current scheme is used, so the user stays on HTTP or HTTPS respectively - this is why setting the 'absolute' option to TRUE and NOT setting 'https' generates links beginning with http:// or https:// respectively, depending on the current scheme. That's absolutely safe.
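The scheme selection described in the comment above, as an added example that is not part of the original thread, the attached patch, or Drupal core. It is a simplified stand-alone model: `model_url()` and the `$site` array are hypothetical names, and the sample site values are constructed.

```php
<?php
// Simplified model of how the 'absolute' and 'https' options pick a scheme.
// model_url() and $site are hypothetical; this is not Drupal's url() code.
function model_url($path, array $options, array $site) {
  $options += array('absolute' => FALSE);
  // Default: the base URL of the request currently being served.
  $base = $site['current_base'];

  // 'https' is honoured only when mixed mode ($conf['https']) is enabled.
  if (isset($options['https']) && $site['conf_https']) {
    if ($options['https'] === TRUE) {
      $base = $site['secure_base'];
      $options['absolute'] = TRUE;
    }
    elseif ($options['https'] === FALSE) {
      $base = $site['insecure_base'];
      $options['absolute'] = TRUE;
    }
  }

  $path = ltrim($path, '/');
  return $options['absolute']
    ? rtrim($base, '/') . '/' . $path
    : $site['base_path'] . $path;
}

// Constructed sample site: page served over HTTPS, mixed mode off.
$site = array(
  'current_base'  => 'https://www.example.com',
  'secure_base'   => 'https://www.example.com',
  'insecure_base' => 'http://www.example.com',
  'base_path'     => '/',
  'conf_https'    => FALSE,
);
$cases = array(
  'relative logo link'       => array(),
  'absolute only'            => array('absolute' => TRUE),
  'absolute + https=FALSE'   => array('absolute' => TRUE, 'https' => FALSE),
);
foreach (array(FALSE, TRUE) as $mixed_mode) {
  $site['conf_https'] = $mixed_mode;
  echo 'conf https = ', var_export($mixed_mode, TRUE), "\n";
  foreach ($cases as $label => $options) {
    echo '  ', str_pad($label, 26), model_url('', $options, $site), "\n";
  }
}
```

With mixed mode off, the `https` option is ignored and an absolute link keeps the scheme of the current request; only with mixed mode on can `https => FALSE` produce an `http://` link from an HTTPS page.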

roball’s picture

Version: 7.x-3.2 » 7.x-3.4

Jeff Burnz’s picture

I think this is something a site should do if for some reason they need to. By default all links in Drupal core are relative; I'm not sure why a theme should override core in this way.