I have a Drupal site where I use a private HTTPS certificate while logged in as an author to write content, but the site itself is meant to be viewed over HTTP.

If, while logged in over HTTPS, I insert an HTTP link to a page on this site (http://example.com/content/test), then when I view this page, the link is changed to HTTPS (https://example.com/content/test).

It doesn't matter whether I view the page over HTTPS or HTTP, I still get the HTTPS.

It also doesn't matter if I switch to the plain-text editor and save -- somehow the HTTP still gets changed to HTTPS.

I have tried:

href="http://example.com/content/test"
href="/content/test"

but with the same result both times. I've also tried clearing the cache. No good.

Any thoughts? Is there a CKEditor setting I could use, either in the module or in CKEditor itself, via custom javascript?

Thank you!

Comments

MediaFormat’s picture

MediaFormat CreditAttribution: MediaFormat commented
Issue summary: View changes

Might be related to your $base_url, try this :

$protocol = (!empty($_SERVER['HTTPS'])) ? 'https' : 'http';
$base_url = $protocol . '://www.example.com';
manuel.adan’s picture

manuel.adan
Location 🌌
CreditAttribution: manuel.adan at Arcovía Digital for Asociación TecnoAriadna commented

Behind a reverse proxy it still happens. I don't know why the xss_url is composed without https. The reverse proxy connects with the internal web site throw http, but externally the website is served as https. I have the https option enabled in settings, the base_url with https as well, and all the reverse proxy related settings as should be. As a workaround, I forced ckeditor to use https when composing the xss_url:

--- a/includes/ckeditor.lib.inc 2018-09-25 12:28:33.000000000 +0200
+++ b/includes/ckeditor.lib.inc 2017-06-23 15:44:32.000000000 +0200
@@ -1284,7 +1284,8 @@
       if (module_exists('smart_paging')) {
         drupal_add_js(array('ckeditor' => array('pagebreak' => TRUE)), 'setting');
       }
-      drupal_add_js(array('ckeditor' => array('ajaxToken' => drupal_get_token('ckeditorAjaxCall'), 'xss_url' => url('ckeditor/xss'))), 'setting');
+      // Added https option, current schema is not recognized
+      drupal_add_js(array('ckeditor' => array('ajaxToken' => drupal_get_token('ckeditorAjaxCall'), 'xss_url' => url('ckeditor/xss', array('https' => TRUE)))), 'setting');
       $is_running = TRUE;
     }