Details
-
Bug
-
Resolution: Fixed
-
None
-
Medium
-
When accessing /editor instead /editor/ a redirect to http was made also in https context which might break translate5 integration scenarios
-
Empty show more show less
Description
problem
when using sessionToken param based login this leads to several http https context switches preventing the proper usage in iframes for example.
curl -ksLI https://t5docker.localdev/editor\?sessionToken\=60626705629f921afb046f32afbe00c7 --header 'Cookie: XDEBUG_SESSION=PHPSTORM' HTTP/2 301 server: nginx location: https://t5docker.localdev/editor/?sessionToken=60626705629f921afb046f32afbe00c7 HTTP/2 302 server: nginx x-powered-by: PHP/8.1.27 location: /editor HTTP/2 301 server: nginx location: https://t5docker.localdev/editor/ HTTP/2 302 server: nginx x-powered-by: PHP/8.1.27 set-cookie: zfExtended=07onebel8ngu9efv9acsbcbrk8ssc26o; expires=Fri, 21-Jun-2024 14:37:50 GMT; Max-Age=864000; path=/; secure; SameSite=None location: /login HTTP/2 200 server: nginx x-powered-by: PHP/8.1.27 set-cookie: zfExtended=es7upbe7sgv2ml4k3sj4ek5cq65lmr3g; expires=Fri, 21-Jun-2024 14:38:00 GMT; Max-Age=864000; path=/; secure; SameSite=None set-cookie: zfExtended=4m4iilti3gcu2i6u3dhsd1h9qm77pd4f; expires=Fri, 21-Jun-2024 14:38:00 GMT; Max-Age=864000; path=/; secure; SameSite=None
reason
This caused by a defect redirect in the .htaccess file, which redirects with absolute redirects from /editor to /editor/ - since apache is running always on http the redirect will always go to http
solution
- fix the redirect
- convert redirects in the application targetted to "/editor" to "/editor/" to prevent that additional redirect