[Xerte] Re: Query about Xerte https access

Smith, John J.J.Smith at gcu.ac.uk
Wed Jul 24 21:07:46 BST 2013


Ah of course... No idea...

You were spot on for this bug and probably not worth spending too much time with the current codebase, but when we redo it it's probably worth investigating... Especially if we are writing specifically for PHP 5.1+

You're in MOOC land until Sept, right? We should decide what to do then and plan some code refactoring if you are up for it. The API should take away most of that website_code folder anyway... I have that in hand... Well in my brain but soon to be in my hand...

Regards

John Smith
Learning Technologist
School of Health and Life Sciences

Sent from Samsung Galaxy SII



"Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:


You can fake some of the settings (like referrer)

On 24 Jul 2013, at 20:33, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:

> Dunno. What do you mean?
>
> Regards
>
> John Smith
> Learning Technologist
> School of Health and Life Sciences
>
> Sent from Samsung Galaxy SII
>
>
> "Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:
>
>
> Is server spammable?
>
> On 24 Jul 2013, at 20:24, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
>
>> Oh and I've never really liked that $_SERVER collection - if it's about the server then why does it change with the request? It should only be server specific info and request specifics should be in the $_REQUEST collection... No?
>>
>> Regards
>>
>> John Smith
>> Learning Technologist
>> School of Health and Life Sciences
>>
>> Sent from Samsung Galaxy SII
>>
>>
>> "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
>>
>>
>> There's also an HTTPS option but I'm not really sure what that is and whether it's fixed for the server or changes depending on the scheme of the request....
>>
>> Regards
>>
>> John Smith
>> Learning Technologist
>> School of Health and Life Sciences
>>
>> Sent from Samsung Galaxy SII
>>
>>
>> Paul Swanson <Paul.Swanson at harlandfs.com> wrote:
>>
>>
>> $_SERVER['SERVER_PROTOCOL'] = Name and revision of the information protocol via which the page was requested; i.e. 'HTTP/1.0';
>>
>> from http://www.php.net/reserved.variables.server.php
>>
>> Paul Swanson
>> Internal Business Systems Analyst
>> Internal Business Intelligence
>> Harland Financial Solutions
>> (800) 274-7280 Ext. 2462
>> Paul.Swanson at harlandfs.com
>>
>> -----Original Message-----
>> From: xerte-bounces at lists.nottingham.ac.uk [mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Pat @ Pgogy
>> Sent: Wednesday, July 24, 2013 12:03 PM
>> To: Xerte discussion list
>> Subject: [Xerte] Re: Query about Xerte https access
>>
>> LTI stuff / password play
>>
>> And how do we know you have https?
>>
>> On 24 Jul 2013, at 19:51, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
>>
>>> Same as request? When wouldn't you know?
>>>
>>> I'd just use the $_SERVER object to work it out... No?
>>>
>>> Regards
>>>
>>> John Smith
>>> Learning Technologist
>>> School of Health and Life Sciences
>>>
>>> Sent from Samsung Galaxy SII
>>>
>>>
>>>
>>> "Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:
>>>
>>>
>>> How would you handle requests where you don't know?
>>>
>>> On 24 Jul 2013, at 18:54, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
>>>
>>>> Is it not better than being hardwired?
>>>>
>>>> If we access on https then that's used, if we access on http then that's used... Or am I missing something??
>>>>
>>>> Regards
>>>>
>>>> John Smith
>>>> Learning Technologist
>>>> School of Health and Life Sciences
>>>>
>>>> Sent from Samsung Galaxy SII
>>>>
>>>>
>>>>
>>>> "Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:
>>>>
>>>>
>>>> Does that matter?
>>>>
>>>> On 24 Jul 2013, at 18:36, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
>>>>
>>>>> Surely you can just work out the url in PHP and pass in if required though...
>>>>>
>>>>> What if site can be accessed at either http or https... You don't know upfront which scheme will be used...
>>>>>
>>>>> Regards
>>>>>
>>>>> John Smith
>>>>> Learning Technologist
>>>>> School of Health and Life Sciences
>>>>>
>>>>> Sent from Samsung Galaxy SII
>>>>>
>>>>>
>>>>>
>>>>> "Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:
>>>>>
>>>>>
>>>>> Until you use Flash
>>>>>
>>>>> On 24 Jul 2013, at 18:18, "Smith, John" <J.J.Smith at gcu.ac.uk> wrote:
>>>>>
>>>>>> Why do we even still hardwire the scheme and url in site_details anyway?
>>>>>>
>>>>>> All site specific urls should be relative, no? Relative to the current scheme and current domain...
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> John Smith
>>>>>> Learning Technologist
>>>>>> School of Health and Life Sciences
>>>>>>
>>>>>> Sent from Samsung Galaxy SII
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Pat @ Pgogy" <xerte at pgogywebstuff.com> wrote:
>>>>>>
>>>>>>
>>>>>> It's probably because the site URL is set as http
>>>>>>
>>>>>> Try setting the site URL to https
>>>>>>
>>>>>> On 24 Jul 2013, at 16:36, Jamie Wood <jwood at lincoln.ac.uk> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> We're running a Xerte project here at Lincoln and have come across a problem with Chrome (and other browsers) running Xerte over https. I've copied over a query from our Centre for Educational Research and Development below about this technical issue. Can anyone help with this and the questions in the paragraphs within the dotted lines below?
>>>>>>>
>>>>>>> ------------
>>>>>>> The issue seems to be that Chrome has a problem with running Xerte securely over https. It says that although https is turned on on our server, some of the files are non-securely 'leaking' over http. It seems to be especially strict about this, compared to other browsers. If I turn off https altogether and, this is key, remove all cookies and browsing history from Chrome, then it performs perfectly OK over http.
>>>>>>>
>>>>>>> The problem we have is that to use university logins, we need to run it over https, and if the tool is going to be used by 100+ people, this is by far the preferred method of login.
>>>>>>>
>>>>>>> Jamie, please could you write to the mailing list, copying me in, reporting this problem and asking for advice? How are other institutions running it successfully over https? Why is Xerte serving certain files over http, when https is being requested? This seems like a bug and a security issue with Xerte to me.
>>>>>>> -------------------
>>>>>>>
>>>>>>>
>>>>>>> Bests
>>>>>>> Jamie
>>>>>>>
>>>>>>>
>>>>>>> Dr Jamie Wood
>>>>>>> Lecturer in History,
>>>>>>> School of Humanities,
>>>>>>> University of Lincoln,
>>>>>>> Brayford Pool,
>>>>>>> Lincoln LN6 7TS
>>>>>>>
>>>>>>> Email: jwood at lincoln.ac.uk
>>>>>>> Tel.: +44(0)1522 837389
>>>>>>> Website: http://staff.lincoln.ac.uk/jwood
>>>>>>> Twitter: @woodjamie99
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Xerte mailing list
>>>>>>> Xerte at lists.nottingham.ac.uk
>>>>>>> http://lists.nottingham.ac.uk/mailman/listinfo/xerte
>>>>>>> This message and any attachment are intended solely for the addressee and may contain confidential information. If you have received this message in error, please send it back to me, and immediately delete it.   Please do not use, copy or disclose the information contained in this message or in any attachment.  Any views or opinions expressed by the author of this email do not necessarily reflect the views of the University of Nottingham.
>>>>>>>
>>>>>>> This message has been checked for viruses but the contents of an attachment
>>>>>>> may still contain software viruses which could damage your computer system, you are advised to perform your own checks. Email communications with the University of Nottingham may be monitored as permitted by UK legislation.
>>>>>>
>>>>>> Glasgow Caledonian University is a registered Scottish charity, number SC021474
>>>>>>
>>>>>> Winner: Times Higher Education's Widening Participation Initiative of the Year 2009 and Herald Society's Education Initiative of the Year 2009.
>>>>>> http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,6219,en.html
>>>>>>
>>>>>> Winner: Times Higher Education's Outstanding Support for Early Career Researchers of the Year 2010, GCU as a lead with Universities Scotland partners.
>>>>>> http://www.gcu.ac.uk/newsevents/news/bycategory/theuniversity/1/name,15691,en.html

_______________________________________________
Xerte mailing list
Xerte at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte
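
The thread above weighs a hardwired site URL against working the scheme out from $_SERVER, and notes that some request settings (like the referrer) can be faked. The sketch below is an added example, not Xerte code and not from any of the posters: it derives the scheme only from the server-set HTTPS value and accepts the client-supplied Host header only when it matches a configured list. The function names and example hosts are hypothetical, and it assumes PHP 7 or later.

```php
<?php
// Added illustration, not Xerte code. Function names and hosts are hypothetical.

/**
 * Decide whether the request arrived over TLS using only a value the web
 * server sets. $_SERVER['HTTPS'] is non-empty for HTTPS requests; IIS sets
 * it to "off" for plain HTTP, so that value is treated as "not HTTPS".
 */
function request_is_https(array $server): bool
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    return $https !== '' && $https !== 'off';
}

/**
 * Build the site base URL for the current request. HTTP_HOST comes from the
 * client's Host header, so it is used only when it is on the configured
 * allowlist; otherwise the first configured host is used instead.
 * HTTP_REFERER is never consulted: it is entirely client-controlled.
 */
function site_base_url(array $server, array $allowedHosts, string $path = '/'): string
{
    $scheme = request_is_https($server) ? 'https' : 'http';
    $host = strtolower((string)($server['HTTP_HOST'] ?? ''));
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }
    return $scheme . '://' . $host . '/' . ltrim($path, '/');
}

// Constructed sample requests (not captured traffic).
$allowed = ['xerte.example.ac.uk'];
$samples = [
    'https request'  => ['HTTPS' => 'on', 'HTTP_HOST' => 'xerte.example.ac.uk'],
    'http request'   => ['HTTP_HOST' => 'xerte.example.ac.uk'],
    'IIS plain http' => ['HTTPS' => 'off', 'HTTP_HOST' => 'xerte.example.ac.uk'],
    'forged headers' => [
        'HTTPS' => 'on',
        'HTTP_HOST' => 'other.example.net',
        'HTTP_REFERER' => 'http://other.example.net/',
    ],
];
foreach ($samples as $label => $server) {
    printf("%-15s %s\n", $label, site_base_url($server, $allowed, 'website_code/'));
}
```

Behind a TLS-terminating proxy PHP sees plain HTTP, so in that setup the scheme has to come from configuration or from a header the proxy itself sets.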
