Closed (fixed)
Project:
Advanced CSS/JS Aggregation
Version:
6.x-1.x-dev
Component:
JS CDN
Priority:
Critical
Category:
Bug report
Assigned:
Unassigned
Reporter:
Created:
25 Feb 2011 at 16:59 UTC
Updated:
12 Oct 2011 at 11:46 UTC
Jump to comment: Most recent file
Comments
Comment #1
mikeytown2 commentedthought I committed that change... well here to my first git commit.
Running this right now
So it might be a little while before I get the first patch out.
Created instructions for installing git on ubuntu.
http://drupal.org/node/1065850#ubuntu-install
Comment #2
mikeytown2 commentedgrab the latest dev; just checked out the code and the fix is in there.
http://drupalcode.org/project/advagg.git/blob/refs/heads/6.x-1.x:/advagg...
Comment #3
vacilando commentedConfirming that the issue is fixed; thanks!
Comment #5
_-. commentedreopening to continue the discussion a bit ...
with a different ssl topology -- nginx as ssl-handler @ my server's edge, backed by a varnish (faux) CDN and apache in non-ssl mode -- non-ssl google apis are being used.
my varnish conf includes,
proxy_set_header X-SSL-Subject $ssl_client_s_dn;
proxy_set_header X-SSL-Issuer $ssl_client_i_dn;
proxy_set_header HTTPS on;
which does the trick for other modules that need to know we're an SSL site.
looking at advagg source,
...
$schema = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') | ...
...
i _thought_ should be sufficient.
something's still missing.
Comment #6
mikeytown2 commentedI use the same code from the CDN module
http://drupalcode.org/project/cdn.git/blob/refs/heads/6.x-2.x:/cdn.modul...
http://drupalcode.org/project/advagg.git/blob/refs/heads/6.x-1.x:/advagg...
Let me know if you find anything else. Marking this as needs more info.
Comment #7
_-. commentedhi.
fyi, i'm NOT using the CDN module. rather, I have Varnish configs splitting requests for css/js/etc to multiple apache backends.
re: "needs more info" ... what specifically can I provide?
Comment #8
mikeytown2 commentedGood step would be a dump of the $_SERVER variable on your server when the page is accessed from a https address. The other bit of info that would be useful is what "other modules" are you using that change behavior when http/https.
Comment #9
_-. commentedwith a little digging thru $_SERVER vars, it appears that nginx config of
proxy_set_header HTTPS on;
does NOT set
$_SERVER['HTTP']=on
, but rather, prepends the meta key (for all proxy_set_header vars?) with "HTTP_", so that,
$_SERVER['HTTP_HTTPS']=on
as I thinkg abt it, as the apache server itself is NOT serving https://, HTTPS=on would be, technically, incorrect in this scenario.
in any case, editing in,
advagg_js_cdn/advagg_js_cdn.module
- $schema = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')) ? 'https' : 'http';
+ $schema = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO' || (isset($_SERVER['HTTP_HTTPS']) && $_SERVER['HTTP_HTTPS'] == 'on')] == 'https')) ? 'https' : 'http';
results, correctly, in,
script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"
^^^^^
i see no particular reason NOT to simply leave this in as is.
Comment #10
_-. commenteda suggestion -
perhaps a preference in advagg, "Additional SSL $_SERVER['x]' vars, set by proxies: [_____________]", or some such, where you'd enter: "HTTP_HTTPS", e.g., in the case of nginx.
that way, no fooling around with trying to cover all possible vars ...
Comment #11
mikeytown2 commentedSo your recommending adding an additional check for the HTTP_HTTPS variable, correct? Having a configurable variable to check would work... you can also do something like this in your settings.php file
I will add the HTTP_HTTPS check in later today.
Comment #12
_-. commented> So your recommending adding an additional check for the HTTP_HTTPS variable, correct?
yep. as long as the check for any ONE var is sufficient ...
> Having a configurable variable to check would work...
great.
> you can also do something like this in your settings.php file
> if (isset($_SERVER['HTTP_HTTPS']) && $_SERVER['HTTP_HTTPS'] == 'on') {
> $_SERVER['HTTPS'] = 'on';
sure, but.
that's, then, telling your app (aka, Drupal) that the Apache server is mod_ssl enabled. which is not the case. i could see how that might cause other modules to make some incorrect choices (been awhile, but iirc, SecurePages was made 'unhappy' doing so ...)
in the case of advagg + this nginx-proxy-handling-the-ssl scenario, all one's really saying is: when using *external* libraries, reference the https:// links.
> I will add the HTTP_HTTPS check in later today.
much appreciated.
Comment #13
mikeytown2 commentedcommitted this patch
Comment #15
glennpratt commentedIf you have a SSL termination at some-point on your trusted network (IE Nginx SSL in front of Apache), then $_SERVER['HTTPS'] = on is entirely appropriate. That should be happening by Apache configs or settings.php catching the header and setting it to on.
Comment #16
pvanerk commentedHi,
I have installed version 1.5 (in which the patch above is included) but I am still experiencing problems with the
in IE8. In Google Chrome and Firefox I don't have any problems.
When I switched of the advagg module everything is fine. However I need the module, because we have quite a couple of CSS sheets and IE messes up the themes when you have more than 31 css files.
When I open firebug I see the line
in the Script tab.
Any idea what further steps I can take?
With regards,
Comment #17
pvanerk commentedOk, I had run the update.php after copying the new version. However, there was still some old stuff left behind I think. When I deslect the AdvAgg module, uninstall it in drupal and activate it again, everything was ok.