Contextual Menu Links Not Working on https

[jstephendix]

Contextual menu links are not opening on https pages.

Steps to reproduce:
Securepages configuration

1. Secure pages is enable
2. Switch back to http pages when there are no matches set to Yes
3. Non-secure Base URL and Secure Base URL not set
4. Pages which will be be secure set to history and history/*'
5. All other settings are default configuration

To reproduce the error:

1. Create content with the URL alias of /history
2. Visit https://mysite.com/history
3. Click on a link within a contextual menu (menu, block, etc.)

[nerdstein]

Any contextual links on a secured page should likely (or should assume to be) secured.

[jose-oliveira]

Same as issue #4, this is caused because of a conflict with the destination parameter. I'll take a deeper look on that tomorrow.

[nerdstein]

I commented on number 4

[jose-oliveira]

What's happening:

• In the method "checkForHttp" of class "SecurePagesEventSubscriber" is setting the request's response to an instance of RedirectResponse
• In the method "checkRedirectUrl" of class "RedirectResponseSubscriber" it checks if the request's response is an instance of RedirectResponse. If so, it redirects to the "destination" parameter.

Fix suggestion:

• When redirecting to https, remove the "destination" parameter from the current request. OBS: Because the parameter is still in the URL, after the page is submitted then the user is redirected back to the page set in the "destination" parameter.

[jstephendix]

That seems to be a suitable solution.
On Thu, Sep 10, 2015 at 10:24 AM jose-oliveira [email protected]
wrote:

What's happening:

• In the method "checkForHttp" of class
  "SecurePagesEventSubscriber" is setting the request's response to an
  instance of RedirectResponse
• In the method "checkRedirectUrl" of class
  "RedirectResponseSubscriber" it checks if the request's response is
  an instance of RedirectResponse. If so, it redirects to the
  "destination" parameter.

Fix suggestion:

• When redirecting to https, remove the "destination" parameter from
  the current request. OBS: Because the parameter is still in the URL, after
  the page is submitted then the user is redirected back to the page set in
  the "destination" parameter.

—
Reply to this email directly or view it on GitHub
#12 (comment)
.

[jose-oliveira]

Pull request #23 submitted with this fix.

[jstephendix]

Thanks! I'll review the PR and comment if I have any thoughts or
suggestions. Thanks again, appreciate the help!

Stephen Dix

Sr. Developer | Acquia http://acquia.com/

[email protected] | 520-306-7673

Address: 25 Corporate Drive 4th Floor, Burlington, MA 01803

Acquia Identified as a Leader in new Gartner WCM Magic Quadrant
https://www.acquia.com/gartner-magic-quadrant
Follow @acquia on Twitter http://www.twitter.com/Acquia

On Thu, Sep 10, 2015 at 11:27 AM, jose-oliveira [email protected]
wrote:

Pull request #23
#23 submitted
with this fix.

—
Reply to this email directly or view it on GitHub
#12 (comment)
.

[jstephendix]

Tested and issue was resolved in PR#23, making as closed.