We have a bit of a convenience issue. We force all users to log in via https, and their sessions aren't valid over http. The environment switcher builds http links, so even if the user has a current session to the environment she's switching to, the switcher will take her to a 403 error page. Is there a way to make these links inherit the current URL's protocol, or to use a // protocol-less link?

Comments

e0ipso’s picture

Absolutely. I've had this in my backlog for some time now. I'll get to it asap.

wrd’s picture

Awesome, thanks!

komlenic’s picture

I have a similar use case that would require a different solution. Why not make it such that you can specify the protocol to use for each environment in the environment switcher? By default, a protocol relative url could be used, but we have use cases where some of the environments require https and some require the use of http.

e0ipso’s picture

@komlenic that's a more slightly complicated setup than I imagined. Do you have a patch proposal?

komlenic’s picture

As the module works now (AFAIK), it is using the protocol on the current request, to build the links used in the environment switcher (combined with the hostname from each environment's configuration page). I would suggest adding an additional field to the environment configuration page to supply the protocol, which would then be used when building the links in the environment switcher.

ñull’s picture

I did not see this issue before. You find a patch at this #2599024: Environment switching SSL support that might help.