You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@lenya.apache.org by Lee Carroll <le...@aol.com> on 2005/06/25 21:04:13 UTC
authoring site over https
Hello All,
I've followed the how to proxy (parts a an b) and have successfully got
evreything up and running over https.
However (their is always a however) IE always pops up its mixed security
warning ("This page contains both secure and nonsecure items")
when I access the site tab. All url's on the site tab have the same problem
(eg of a url is
https://server/pubplication/info-authoring/index.html?lenya.usecase=info-overview&lenya.step=showscreen)
My initial thought was they must be a rougue image beig pulled in by http.
But I can't find any. The page source and page look is identical when you
display all items or refuse unsecure ones ? Functionality does not degrade
when you refuse unsecure items. Mozzilla (firefox) behaves fine.
I've had a look at the javscript and got worried by the site nav "+" and
"-"images but they seem to be relative src's.
Their is a very fancy XMLHTTPRequest object being used could this be it ?
Has anyone experienced this problem in the past ?
Thanks in advance
Lee C
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by Josias Thoeny <jo...@wyona.com>.
On Tue, 2005-06-28 at 08:22 +0100, Lee Carroll wrote:
> > Well, honestly I didn't spend too much time on thinking which way would
> > be better, sync or async.
> > I think I used sync requests because the hourglass appears and the user
> > know they have to wait a little. If I recall correctly I also had some
> > problems getting async requests to work correctly on some browsers.
> > Lee, do you think async requests are better? Can you explain why?
> >
> > Thanks, Josias
>
> In ie it seems that the lenya menu bar at the top of the page disappears and
> then "distorts" briefly during any subsequent httpxmlrequests. I'm guessing
> that async would help prevent this.
I never noticed that before... it looks like yet another ie 'feature'.
>
> Subsequent requests after the initial tree population may not need any
> visual cue to the user as its speedy enough to be related to the user action
> of clicking the + image on the menu. They will "allow" a small time delay.
Actually there can be a considerable delay if one opens a node with a
large number of subnodes. In that case it makes sense to display some
kind of hint to the user.
>
> The w3c site claims that asnc is preferable as on error or transport delays
> won't lock the browser. (Although I think they are asuming that the request
> is doing background stuff and displaying the site tree might not be
> classified as this ??)
I agree that in case of an error it's not good to "lock" the browser. By
using async requests, one could just display a meaningful error message
after a timeout.
>
> Instead of the hour class an alternative could be a menu status area which
> could read (loading.... etc).
>
> More importantly well done on writing the most impressive rocket science
> javascript I've ever saw.
The core part of the tree library actually was written by Guido Wesdorp,
one of the developers of Kupu.
I you want to improve something about the xmlhttp implementation, feel
free to submit patches ;-)
Cheers,
Josias
>
> Lee C
>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
> For additional commands, e-mail: user-help@lenya.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by Lee Carroll <le...@aol.com>.
> Well, honestly I didn't spend too much time on thinking which way would
> be better, sync or async.
> I think I used sync requests because the hourglass appears and the user
> know they have to wait a little. If I recall correctly I also had some
> problems getting async requests to work correctly on some browsers.
> Lee, do you think async requests are better? Can you explain why?
>
> Thanks, Josias
In ie it seems that the lenya menu bar at the top of the page disappears and
then "distorts" briefly during any subsequent httpxmlrequests. I'm guessing
that async would help prevent this.
Subsequent requests after the initial tree population may not need any
visual cue to the user as its speedy enough to be related to the user action
of clicking the + image on the menu. They will "allow" a small time delay.
The w3c site claims that asnc is preferable as on error or transport delays
won't lock the browser. (Although I think they are asuming that the request
is doing background stuff and displaying the site tree might not be
classified as this ??)
Instead of the hour class an alternative could be a menu status area which
could read (loading.... etc).
More importantly well done on writing the most impressive rocket science
javascript I've ever saw.
Lee C
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by Josias Thoeny <jo...@wyona.com>.
On Tue, 2005-06-28 at 11:03 -0700, Gregor J. Rothfuss wrote:
> Lee Carroll wrote:
>
> > The site tree is hard core java script. Is XMLHttpRequest the future!
> > Great stuff (why not async on the gets ?)
>
> josias?
Well, honestly I didn't spend too much time on thinking which way would
be better, sync or async.
I think I used sync requests because the hourglass appears and the user
know they have to wait a little. If I recall correctly I also had some
problems getting async requests to work correctly on some browsers.
Lee, do you think async requests are better? Can you explain why?
Thanks, Josias
>
> > Anyway, XMLHttpRequest is fine over https turns out the problem was with
> > the site tree images (+ - etc). The parameter IMAGE_PATH
> > was causing a http request. I appended "https://servername" on to the
> > IMAGE_PATH string in root.xslt.
> >
> > I'm a little worried by the hard coding is there a better way ?
>
> this should honor the settings in publication.xconf (especially the
> proxy stuff)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
> For additional commands, e-mail: user-help@lenya.apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by "Gregor J. Rothfuss" <gr...@apache.org>.
Lee Carroll wrote:
> The site tree is hard core java script. Is XMLHttpRequest the future!
> Great stuff (why not async on the gets ?)
josias?
> Anyway, XMLHttpRequest is fine over https turns out the problem was with
> the site tree images (+ - etc). The parameter IMAGE_PATH
> was causing a http request. I appended "https://servername" on to the
> IMAGE_PATH string in root.xslt.
>
> I'm a little worried by the hard coding is there a better way ?
this should honor the settings in publication.xconf (especially the
proxy stuff)
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by Lee Carroll <le...@aol.com>.
>> IE always pops up its mixed
>> security warning ("This page contains both secure and nonsecure items")
>> when I access the site tab. All url's on the site tab have the same
>> problem (eg of a url is
>> https://server/pubplication/info-authoring/index.html?lenya.usecase=info-overview&lenya.step=showscreen)
Well I've fixed this problem sort off, and what a journey I've been on.
The site tree is hard core java script. Is XMLHttpRequest the future! Great
stuff (why not async on the gets ?)
Anyway, XMLHttpRequest is fine over https turns out the problem was with the
site tree images (+ - etc). The parameter IMAGE_PATH
was causing a http request. I appended "https://servername" on to the
IMAGE_PATH string in root.xslt.
I'm a little worried by the hard coding is there a better way ?
Cheers Lee C
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by Lee Carroll <le...@aol.com>.
> Could you post your apache(2?) proxy setup and any helpful notes.
The authoring and live virtual hosts pasted below.
It is pretty much a copy of the proxy how to's. (I'm finding this stuff "big
magic" and would be hard pushed to explain it satisfactorily)
I needed to add a couple of rules to get lenya resource found (css and
javascript)
Lenya is running as root so I'm avoiding the need to get involved with
patching apache
HTH
PS
This is not problem free, the mixed security msg in the site tab makes it
unusable in terms of letting customers on it
Lee C
<VirtualHost *:80>
# cms authoring site
ServerName www.highbridgecms.co.uk
ProxyRequests Off
RewriteEngine On
RewriteLog www.highbridgecms.co.uk.rewrite.log
RewriteLogLevel 0
RewriteRule ^/([^/\.]+)$ $1/ [R]
RewriteRule ^/([^/\.]+)/$
http://www.highbridgecms.co.uk/$1/authoring/index.html [R,L]
#RewriteCond %{QUERY_STRING} lenya\.usecase=login(.*)
#RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
RewriteRule ^/lenya/(.*) http://www.highbridgecms.co.uk:8080/lenya/$1
[P,L]
RewriteRule ^/(.*) http://www.highbridgecms.co.uk:8080/$1 [P,L]
ProxyPassReverse / http://www.highbridgecms.co.uk:8080/
</VirtualHost>
<virtualHost *:443>
# secure cms authoring site
ServerName www.highbridgecms.co.uk
ProxyRequests Off
RewriteEngine On
RewriteLog logs/ssl.www.highbridgecms.co.uk.rewrite.log
RewriteLogLevel 0
RewriteRule ^/([^/\.]+)$ $1/ [R]
RewriteRule ^/([^/\.]+)/$
http://www.highbridgecms.co.uk/$1/authoring/index.html [R,L]
RewriteRule ^/lenya/(.*) http://www.highbridgecms.co.uk:8080/lenya/$1
[P,L]
RewriteRule ^/(.*) http://%{SERVER_NAME}:8080/$1 [P,L]
ProxyPassReverse / http://www.highbridgecms.co.uk:8080/
</virtualHost>
#
# highbridge associates port 80 only
#
<VirtualHost *:80>
# cms authoring site
ServerName www.highbridgeassociates.co.uk
ProxyRequests Off
RewriteEngine On
RewriteLog www.highbridgeassociates.co.uk.rewrite.log
RewriteLogLevel 0
#match and proxy /
RewriteRule ^/$
http://www.highbridgeassociates.co.uk:8080/highbridge/live/index.html [P,L]
#match and proxy internal refs with /live/
RewriteRule ^/highbridge/live/(.*)
http://www.highbridgeassociates.co.uk:8080/highbridge/live/$1 [P,L]
#match and proxy lenya internals 404 etc
RewriteRule ^/lenya/(.*)
http://www.highbridgeassociates.co.uk:8080/lenya/$1 [P,L]
#match and proxy chilren dirs of /
RewriteRule ^/(.*)
http://www.highbridgeassociates.co.uk:8080/highbridge/live/$1 [P]
ProxyPassReverse / http://www.highbridgeassociates.co.uk:8080/
</VirtualHost>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by so...@gmail.com.
ProxyPassReverseCookiePath is integrated with Apache2.1. I am using
the beta, and it seems to work well. The command does solve the
cookie issue. Are you able to upgrade?
It was supposed to be available for earlier releases, but I did not
have time to figure it out. (In other words, they managed to make it
very difficult.)
We had errors with the Kupu editor, probably due to poor proxing. We
are currently changing the architecture, so the proxying should
disappear for editing.
I was surprised mod_proxy_html has been available for many years and
was not integrated into httpd. Rewriting Headers and A and IMG tags
was one of the first features of my own portal, but it was designed to
proxy better than anything. I still have not figured out how to get
mod_proxy_html to work, and almost destroyed Linux attempting to
upgrade the compiler. I wish it had been integrated with mod_proxy.
solprovider
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org
Re: authoring site over https
Posted by hu...@hurrells.ca.
Hello Lee.
Could you post your apache(2?) proxy setup and any helpful notes.
Mine (below) is not working well yet, even in http. Here it is and comments
welcome from all as it's a mess.
My problem's symptoms are that each page makes me re-login again. FYI, I have
disable world view and think the problem is the "ProxyPassReverseCookiePath"
below that does not work as I can't get that apache patch to install yet.
AFYI: The site below is not currently up.
Thank You
Stephen
----------
<VirtualHost *:80>
ServerName lenya.hurrells.ca
ServerAdmin webmaster@hurrells.ca
ServerAlias lenya.hurrells.ca lenya
DocumentRoot /var/www
ProxyRequests Off
RewriteEngine On
RewriteLog /var/log/apache2/lenya.rewrite.log
RewriteLogLevel 0
# ProxyPassReverseCookiePath /lenya /
<Location />
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Location>
RewriteRule ^/lenya/default/(.*)/images/(.*)$
http://h2.hurrells.ca:8080/lenya/default/$1/images/$2 [L]
RewriteRule ^/(.*\.css$) http://h2.hurrells.ca:8080/$1 [L]
RewriteRule ^/default/live/(.*)$ $1 [R]
RewriteRule ^/$ index.html [R]
RewriteRule ^/lenya/default/live/(.*)$ $1 [R,L]
RewriteRule ^/lenya/default/(.*)$
http://lenya.hurrells.ca/lenya/default/$1 [R,L]
RewriteRule ^/(.*) http://h2.hurrells.ca:8080/lenya/default/live/$1 [P]
ProxyPassReverse / http://h2.hurrells.ca:8080/
</VirtualHost>
-------------
Quoting Lee Carroll <le...@aol.com>:
> Hello All,
>
> I've followed the how to proxy (parts a an b) and have successfully
> got evreything up and running over https.
>
> However (their is always a however) IE always pops up its mixed
> security warning ("This page contains both secure and nonsecure
> items")
> when I access the site tab. All url's on the site tab have the same
> problem (eg of a url is
> https://server/pubplication/info-authoring/index.html?lenya.usecase=info-overview&lenya.step=showscreen)
>
> My initial thought was they must be a rougue image beig pulled in by
> http. But I can't find any. The page source and page look is
> identical when you display all items or refuse unsecure ones ?
> Functionality does not degrade when you refuse unsecure items.
> Mozzilla (firefox) behaves fine.
>
> I've had a look at the javscript and got worried by the site nav "+"
> and "-"images but they seem to be relative src's.
>
> Their is a very fancy XMLHTTPRequest object being used could this be it ?
>
> Has anyone experienced this problem in the past ?
>
> Thanks in advance
>
> Lee C ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
> For additional commands, e-mail: user-help@lenya.apache.org
>
>
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@lenya.apache.org
For additional commands, e-mail: user-help@lenya.apache.org