[EP-tech] Re: Infinite redirect on staffonly document

Jon Hallett Jon.Hallett at uwe.ac.uk
Mon Dec 3 09:02:09 GMT 2012

Okay, so redirecting to the https version of the document works. The patch for 3.3.6 is 

*** Rewrite.pm.20121126 2012-11-26 13:29:09.362766562 +0000
--- Rewrite.pm  2012-11-28 08:54:13.392769980 +0000
*** 434,439 ****
--- 434,452 ----
                                return NOT_FOUND;

+                       # jjh, 26th november 2012, staffonly documents should be redirected to https if the server has https...
+                       # redirect secure stuff
+                       if( $repository->config( "securehost" ) && !$secure && !$doc->is_public() )
+                       {
+                           my $https_redirect = $repository->current_url(
+                               scheme => "https",
+                               host => 1,
+                               path => "static",
+                               "$eprintid/$pos$uri" ) . $args;
+                           return redir( $r, $https_redirect );
+                       }
+                       # ...end
                        if( !length($uri) )
                                return redir( $r, "$urlpath/$eprintid/$pos/$args" );



-----Original Message-----

Message: 1
Date: Thu, 15 Nov 2012 12:00:09 +0000
From: Jon Hallett <Jon.Hallett at uwe.ac.uk>
Subject: [EP-tech]  Infinite redirect on staffonly document
To: "'eprints-tech at ecs.soton.ac.uk' (eprints-tech at ecs.soton.ac.uk)"
	<eprints-tech at ecs.soton.ac.uk>
	<361D6B1A2B6D194081955E94772543F288E040A614 at EGEN-MBX01.campus.ads.uwe.ac.uk>
Content-Type: text/plain; charset="us-ascii"

Another problem related to http://www.eprints.org/tech.php/16874.html and http://www.eprints.org/tech.php/16546.html.

As before, this affects an EPrints instance which uses different domains for http and https (http://researchdata.uwe.ac.uk/ and https://eprints.uwe.ac.uk/datasecure/).

This time the problem is that we have a document restricted to repository staff which is inaccessible from its abstract page. Clicking on the document's link causes EPrints to issue an infinite series of redirects.

I'm guessing that the root cause is that the document link is http://researchdata.uwe.ac.uk/85/1/Lorem%20ipsum.pdf, but the login process happens on https://eprints.uwe.ac.uk/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F85%2F1%2FLorem%2520ipsum.pdf, so researchdata.uwe.ac.uk never sees the user cookies. https://eprints.uwe.ac.uk/datasecure/85/1/Lorem%20ipsum.pdf works as expected.

Anyway, is the fix to redirect secure documents to their https URLs, as is already done in Rewrite.pm for secure CGI directories?



More information about the Eprints-tech mailing list