在 TYPO3 中通过 SSL 提供静态资源
我有一个 TYPO3 网站,需要通过 SSL 提供其主页(并且仅其主页)。
我处理此问题的第一个尝试是安装 HTTPS Enforcer 扩展,该扩展允许您指定 TYPO3 站点中应强制使用 HTTPS 的特定页面。在该级别上,该扩展按照广告中的方式工作。但问题是,虽然对这些页面之一的请求确实是通过 SSL 处理的,但页面中内嵌的资源(如图像)不通过 SSL 传递。因此,您会在浏览器中收到一条警告(根据浏览器的不同,其范围可以从安静的信息消息到全面的尖叫警告页面),告诉您该页面不完全安全,这(可以理解)让人们感到害怕。
所以我的问题是——如何让 TYPO3 通过 SSL 提供完整页面,包括静态资源?是否有某种方法可以配置/扩展 HTTPS Enforcer 来做到这一点?在这种情况下还有其他更好的扩展吗?或者我完全不走运?
I have a TYPO3 Web site that needs to have its home page (and only its home page) served over SSL.
My first stab at dealing with this was to install the HTTPS Enforcer extension, which lets you specify particular pages in your TYPO3 site that should be forced to HTTPS. At that level, the extension works as advertised. But the problem is that while requests for one of those pages are indeed handled over SSL, resources included inline in the page (like images) are not delivered over SSL. So you get a warning in your browser (which, depending on the browser, can range from a quiet information message to a full-out screaming warning page) telling you that the page isn't completely secure, which (understandably) freaks people out.
So my question is -- how do you get TYPO3 to deliver a complete page over SSL, including static resources? Is there some way to configure/extend HTTPS Enforcer to do that? Is there another extension that's better in this scenario? Or am I just completely out of luck?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
HTTPs Enforcer 做得很好。
如果它只是一页,您可以创建一个条件来更改
baseUrl:如果它适用于整个子域(例如
ssl.example.com),您的条件看起来像这样:使用第二种方式,您可以在每个页面的基础上选择页面是否应该加密。
一个陷阱可能是外部加载的资源(如 Facebook API 等)。他们可能不提供 SSL 加密服务。
编辑(来自@cascaval的评论)这可能是首选的解决方案:
编辑(来自@konsolenfreddy的评论)
HTTPs Enforcer does a good job.
If it's just one page, you can create a condition to change the
baseUrl:if it should work for a whole subdomain (e.g.
ssl.example.com), your condition looks like this:With the second way, you can choose on a per page basis if the page should be encrypted or not.
A pitfall might be externally loaded ressources (like Facebook API etc.). They might not offer a SSL encrypted service.
EDIT (from @cascaval's comment) This might be the preferred solution:
EDIT (from @konsolenfreddy's comment)
我想应该是:
注意“IENV”:这是 TYPO3 特有的。 “ENV”只会使用 $_ENV 或 $_SERVER 中的普通 PHP 变量,其中 TYPO3_SSL 不是有效密钥。
但这只是做以下事情:在输出中设置一个标签,以便通过 SSL 获取相对链接的内容,即
。
如果您的网站中有指向绝对 URL 的资产链接(图像、CSS 等),这将无济于事。在这种情况下,您可以尝试扩展“https”(将 https_enforcer 和另一个扩展合并)或 stfl_replace 来使一些正则表达式将“http://”链接替换为“https://”。
I guess it should be:
Note the "IENV": This is TYPO3 specific. "ENV" would only use the normal PHP variables in $_ENV or $_SERVER where TYPO3_SSL is not a valid key.
But what this does is only the following: Set a tag in the output so content of relativ links i.e. <img src="uploads/pics/image.jpg" /> will get fetched over SSL.
If you have asset links (images, css, etc.) to absolute URLs in your site this wont help. In such a case you could give the extension "https" a try (merge of https_enforcer and another extension) or stfl_replace to make some regex replacing "http://" links to "https://".