11
General Discussion / Re: Roundcube OAuth - insecure redirect url error.
« Last post by indridi on April 22, 2024, 07:45:14 AM »as always, writing things up clears the mind. Started looking a bit more, found that the
At that point, one might consider doing
Greetings,
Indriði
Code: [Select]
get_redirect_uri
calls Code: [Select]
rcmail->url([], true, true);
. At that point, one might consider doing
Code: [Select]
rcmail->url([], true, true, true);
to enforce ssl connection. But looking further, we get to Code: [Select]
$prefix = rcube_utils::resolve_url($prefix);
and then Code: [Select]
if (self::https_check()) {
$schema = 'https';
$default_port = 443;
}
and https_check has this snippet : Code: [Select]
if ($use_https && rcube::get_instance()->config->get('use_https')) {
return true;
}
which leads to the well-documented defaults.inc.php :Code: [Select]
// tell PHP that it should work as under secure connection
// even if it doesn't recognize it as secure ($_SERVER['HTTPS'] is not set)
// e.g. when you're running Roundcube behind a https proxy
// this option is mutually exclusive to 'force_https' and only either one of them should be set to true.
$config['use_https'] = false;
where I, admittedly, might have started looking in the first place. But sometimes one just has to formulate a question for someone else to organize the thoughts well enough to see the obvious.Greetings,
Indriði