[EP-tech] Re: Problem with secured documents and differing
Jon Hallett
Jon.Hallett at uwe.ac.uk
Mon Jul 16 14:01:05 BST 2012
No takers from the developers for this one? And I thought it was an 'interesting' one... Maybe something similar to the problem we saw with Screen::Logout (http://www.eprints.org/tech.php/16546.html)?
Thanks,
Jon
-----Original Message-----
Message: 2
Date: Tue, 3 Jul 2012 15:38:32 +0100
From: Jon Hallett <Jon.Hallett at uwe.ac.uk>
Subject: [EP-tech] Problem with secured documents and differing
HTTP/HTTPS domain names?
To: "'eprints-tech at ecs.soton.ac.uk' (eprints-tech at ecs.soton.ac.uk)"
<eprints-tech at ecs.soton.ac.uk>
Message-ID:
<361D6B1A2B6D194081955E94772543F279E099C842 at EGEN-MBX01.campus.ads.uwe.ac.uk>
Content-Type: text/plain; charset="us-ascii"
I think we have a problem with secured documents when EPrints is configured to use different domain names for HTTP and HTTPS.
The background is that we have a server called http://researchdata.uwe.ac.uk over HTTP and https://eprints.uwe.ac.uk/datasecure over HTTPS. We've uploaded a document to a user buffer. When you click on the link to download the document from, say,
https://eprints.uwe.ac.uk/datasecure/cgi/users/home?screen=EPrint::View&eprintid=10#t
the browser goes into an infinite loop as shown by Live HTTP headers:
http://researchdata.uwe.ac.uk/10/1/Lorem%20ipsum.doc
GET /10/1/Lorem%20ipsum.doc HTTP/1.1
Host: researchdata.uwe.ac.uk
HTTP/1.1 302 Need to login first
Date: Tue, 03 Jul 2012 14:26:19 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: /cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
----------------------------------------------------------
http://researchdata.uwe.ac.uk/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
GET /cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc HTTP/1.1
Host: researchdata.uwe.ac.uk
HTTP/1.1 302 Found
Date: Tue, 03 Jul 2012 14:26:19 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: https://eprints.uwe.ac.uk/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
----------------------------------------------------------
https://eprints.uwe.ac.uk/datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc
GET /datasecure/cgi/users/login?target=http%3A%2F%2Fresearchdata.uwe.ac.uk%2F10%2F1%2FLorem%2520ipsum.doc HTTP/1.1
Host: eprints.uwe.ac.uk
HTTP/1.1 302 Moved
Date: Tue, 03 Jul 2012 14:26:19 GMT
Server: Apache/2.2.14 (Ubuntu)
Location: http://researchdata.uwe.ac.uk/10/1/Lorem%20ipsum.doc
If I manually change the document URL to http://eprints.uwe.ac.uk/datasecure/10/1/Lorem%20ipsum.doc, it works fine.
Have I misconfigured something? Or is this a consequence of using different domain names for HTTP and HTTPS? Anything that can be done about that?
Fortunately our main EPrints instance works fine. It uses eprints.uwe.ac.uk for both HTTP and HTTPS. We've only come across this when adding a second instance.
Thanks,
Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/eprints-tech/attachments/20120703/e051c2e7/attachment.html
------------------------------
_______________________________________________
Eprints-tech mailing list
Eprints-tech at ecs.soton.ac.uk
http://mailman.ecs.soton.ac.uk/mailman/listinfo/eprints-tech
End of Eprints-tech Digest, Vol 46, Issue 3
*******************************************
More information about the Eprints-tech
mailing list