Contrib.social

Behind HTTPS Load Balancer, Renders HTTP load of JS to Browser

Open on Drupal.org →
Created on 23 October 2017, over 6 years ago
Updated 20 March 2024, 3 months ago

Hi,

When using this module in a production environment behind a load balancer it renders the JS requests for the browser to use HTTP instead of HTTPS, which is then rejected because the protocol doesn't match HTTPS. We had to hotfix the module in production deployments by replacing the line in each file (src/Plugin/Field/FieldFormatter/Pdf*.php) in order for this to work.

From:

$file_url = file_create_url($item->entity->getFileUri());

To:

$file_url = str_replace('http:', 'https:', file_create_url($item->entity->getFileUri()));

Note: The web servers are behind an AWS ELB that terminates SSL.

🐛 Bug report
Status

Needs work

Version

1.0

Component

Code

Created by

🇺🇸United States ianmariano

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 11 months ago
    🇳🇿New Zealand code_brown

    Re-rolling patch #6 for 8.x-1.2

  • Comment 5 months ago
    🇮🇹Italy marco.aresu Cagliari

    Hi,
    I created a patch to use relative url. The iframe url is generated with file_url_generator service.
    The patch replace generateAbsoluteString method to generateString.

    In my case works Behind HTTPS Load Balancer.

  • Comment 5 months ago
    🇺🇸United States glynster

    Props to @marco.aresu the latest patch works a treat when using Varnish. We were encountering the same issue. Patch resolves the problem right away.

  • Comment 3 months ago
    🇫🇷France erwangel

    I tested patch from marco.aresu (#10) and it works but page attachments remain in http. For the moment I used hook_page_attachments_alter to correct this with a str_replace("http:", "https:", $url) looping through
    $attachments['#attached']['html_head_link'][1][0]['href']
    I suppose the other patches don't correct this either.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024