Uploaded image for project: 'CiviCRM'
  1. CiviCRM
  2. CRM-20447

"Force Secure URLs" setting may duplicate requests on redirect

          Details

          • Type: Bug
          • Status: Done/Fixed
          • Priority: Trivial
          • Resolution: Duplicate
          • Affects Version/s: 4.7.18
          • Fix Version/s: None
          • Component/s: None
          • Labels:
            None
          • Versioning Impact:
            Patch (backwards-compatible bug fixes)
          • Documentation Required?:
            None
          • Funding Source:
            Needs Funding
          • Verified?:
            No

            Description

            While investigating CRM-19609, I saw that the "Force Secure URLs" setting actually duplicates requests to CiviCRM while checking if those requests will be handled correctly.

            CRM_Utils_System::redirectToSSL calls CRM_Utils_System::checkURL before redirecting the user
            CRM_Utils_System::checkURL requests the URL via GET, and passes through $_COOKIE

            For redirected requests which are not idempotent (eg IPN, some API calls, and mail tracking) this seems like it might result in incorrect data?

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    xurizaemon Chris Burgess
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: