如何将https URL设置为http


11

我想知道magento如何确定哪个页面应该是安全的以及哪个页面应该是不安全的。

据我了解,magento默认仅使结帐和登录页面安全,并且我可以frontend/secure_url/....通过模块的config.xml 在配置路径下指定其他页面来确保其他页面的安全

管理员端的配置似乎很好。前端和后端均启用了SSL。后端完全通过https。在前端,大多数页面(包括主页)在http下都可以正常工作,并且结帐和登录页面可以按预期重定向到https。

但是还有其他一些URL重定向到了我希望保留在http上的https,包括自定义模块的控制器/操作。

我需要一些有关如何调试的提示?我还有其他配置可用来阻止它们被重定向吗?


您能否提供一些示例/代码(例如,自定义模块的XML配置)?另外,当您尝试将https://重定向到http://时,我不会说“调试”
simonthesorcerer 2014年

Answers:


3

现在只是一个函数,称为shouldUrlBeSecure位于app/code/core/Mage/Core/Model/Config.php上线1477

这是完整的功能:

/**
 * Check whether given path should be secure according to configuration security requirements for URL
 * "Secure" should not be confused with https protocol, it is about web/secure/*_url settings usage only
 *
 * @param string $url
 * @return bool
 */
public function shouldUrlBeSecure($url)
{
    if (!Mage::getStoreConfigFlag(Mage_Core_Model_Store::XML_PATH_SECURE_IN_FRONTEND)) {
        return false;
    }

    if (!isset($this->_secureUrlCache[$url])) {
        $this->_secureUrlCache[$url] = false;
        $secureUrls = $this->getNode('frontend/secure_url');
        foreach ($secureUrls->children() as $match) {
            if (strpos($url, (string)$match) === 0) {
                $this->_secureUrlCache[$url] = true;
                break;
            }
        }
    }

    return $this->_secureUrlCache[$url];
}

要查看哪些网址应该是安全的,可以Mage::log($secureUrls)if语句中添加一个简单的网址。这是我的日志条目的样子:

2014-02-12T11:55:26+00:00 DEBUG (7): Mage_Core_Model_Config_Element Object
(
    [install] => /install/wizard/checkSecureHost
    [customer] => /customer/
    [sales] => /sales/
    [authorizenet_paygate] => /paygate/authorizenet_payment
    [checkout_onepage] => /checkout/onepage
    [checkout_multishipping] => /checkout/multishipping
    [paypal_express] => /paypal/express
    [paypal_standard] => /paypal/standard
    [paypal_express_callbackshippingoptions] => paypal/express/callbackshippingoptions
    [googlecheckout_redirect] => /googlecheckout/redirect/
    [googlecheckout_beacon] => /googlecheckout/api/beacon/
    [googlecheckout_api] => /googlecheckout/api/
    [review_customer] => /review/customer/
    [tag_customer] => /tag/customer/
    [wishlist] => /wishlist/
    [paypaluk_express] => /paypaluk/express
    [rss_catalog_review] => /rss/catalog/review
    [rss_order_new] => /rss/order/new
    [rss_catalog_notifystock] => /rss/catalog/notifystock
    [centinel] => /centinel/
    [newsletter_manage] => /newsletter/manage/
    [downloadable] => /downloadable/customer/
    [downloadable_download] => /downloadable/download/
    [ogone_api] => /ogone/api
    [persistent_onepage_register] => /persistent/index/saveMethod
    [checkout_cart] => /checkout/cart
    [storecredit_info] => /storecredit/info/
    [giftcard_customer] => /giftcard/customer/
    [enterprise_pbridge_pbridge] => /enterprise_pbridge/pbridge/
    [invitation] => /invitation/
)

现在要弄清楚Magento的切换方式HTTPHTTPS 我想您很可能会深入到lib内部的Zend框架中,lib/Zend/Http/*因为它包含了最受欢迎的文件。好吧,无论如何希望这会有所帮助。祝好运!


3

如果,你想用secure urlany other modules,那么你需要一些变化 config.xml的模块的。首先对前端使用的标签

<secure_url>
            <productfaq>/productfaq</productfaq>
        </secure_url>

并且,如果您要输入productfaq网址,请进行更改 $this->getUrl('productfaq/index/index', array('_secure'=>true))

我的延伸路径 \app\code\local\Amit\Productfaq\etc.

在config.xml下面需要更改

     <frontend>
            <routers>
                <productfaq>
                    <use>standard</use>
                    <args>
                        <module>Amit_Productfaq</module>
                        <frontName>onestepcheckout</frontName>
                    </args>
                </productfaq>
            </routers>
            <layout>
                <updates>
                    <productfaq>
                        <file>productfaq.xml</file>
                    </productfaq>
                </updates>
            </layout>
        <!-- add secure url for extesnion, for that  
url productfaq automatically appnend https:  -->
             <secure_url>
                <productfaq>/productfaq</productfaq>
            </secure_url>
        </frontend>
By using our site, you acknowledge that you have read and understand our Cookie Policy and Privacy Policy.
Licensed under cc by-sa 3.0 with attribution required.