lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2026-02-09 09:16:41 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

SSL transitions from https to http should not be forced on Ajax requests, as they can result in mixed security, and cross-domain failures.

Browse Source
This commit is contained in:
Bertrand Le Roy
2014-01-05 16:11:33 -08:00
parent 9a07d8b419
commit 87ccd59dc0
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Orchard.Web/Modules/Orchard.SecureSocketsLayer/Filters/SecureSocketsLayersFilter.cs
View File

@@ -53,7 +53,8 @@ namespace Orchard.SecureSocketsLayer.Filters {
// non auth page on a secure canal
// nb: needed as the ReturnUrl for LogOn doesn't force the scheme to http, and reuses the current one
if (!secure && request.IsSecureConnection) {
// Also don't force http on ajax requests.
if (!secure && request.IsSecureConnection && !request.IsAjaxRequest()) {
var insecureActionUrl = AppendQueryString(
request.QueryString,
_sslService.InsecureActionUrl(