Redirects misbehaving on Safari after Drupal 6 Security Update + Update to latest Secure Pages

Created on 21 November 2013, about 11 years ago
Updated 26 November 2024, 27 days ago

This morning I installed the latest Drupal 6 Core because of the security issue, and also upgraded to the latest Secure Pages.

This has caused some strange behavior on my site.

1) With "Switch back to http pages when there are no matches" checked, Secure Pages never switches to https mode when the user is running Safari! It works fine on Firefox.

2) With "Switch back to http pages when there are no matches" unchecked, Secure Pages "sticks" in https mode once it has to go to a secure page, which AFAICT is the expected behavior. However, when running on Safari, when you go between pages, you will often see repeated page loads between secure and insecure before it ends up where it "should" end up (except that sometimes it doesn't!) -- but it's not 100% reliable (or perhaps it happens so fast that Safari doesn't visibly update)

For example:

Load first page (http) : loads in http
Move to second page (http expected) : loads in http
Move to secure page: loads http, redirects to https
Move to second secure page via link click: loads https
Move to 3rd secure page (via form button click, so it's a post, maybe that's part of it): loads http, reloads https
Move to homepage (which normally would be http, but because no matches unchecked, should now be secure): http, https, http! This was a "/home" link, not a fully-specified link.
Move to another normally http page, from the homepage which is http but you would expect it to be https): http, reloads https!
Back to the homepage via /home: http,https,http!

Firefox, doing the same sequence, works as you would expect... once it gets into https mode, it sticks there. It may be doing weird stuff under the hood though.

My settings are:

Secure pages enabled
"Switch back to http pages when there are no matches" unchecked

Make secure only the listed pages:

*/activity
*/edit
cart
cart/*
admin
admin/*
user
users/*
aeadmin
aeadmin/*
uc_paypal
uc_paypal/*

Ignore pages:

*/autocomplete/*
*/ajax/*
jifupload/*
finder/*

Color me confused at this point.

πŸ› Bug report
Status

Closed: outdated

Version

2.1

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States MadOverlord

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡ΊπŸ‡¦Ukraine AstonVictor

    I'm closing it because the issue was created a long time ago without any further steps.

    if you still need it then raise a new one.
    thanks

Production build 0.71.5 2024