[solved] Correct understanding of SSL option and cms_stylesheet

[kendo451]

My understanding, perhaps mistaken, was that the purpose of the [[root_url]] tag in the new cms_stylesheet system was to automatically correct image links in the stylesheet for when https is selected for a given page.

However, after testing this with a live site that uses the same template+stylesheet for both http and https pages, it appears to be caching the stylesheet with the http:// root url.  This causes an ssl error on the secure pages, because the secure page is loading unencrypted files through the stylesheet links.

Previously I've avoided this problem by simply using relative links in the stylesheet.

Intead of putting [[root_url]] in the stylesheet, I think I can achieve the same effect by just using links from the site root, like this:

background: url(/uploads/images/something.jpg);

Am I misunderstanding the purpose of the [[root_url]] in the new stylesheet system?

[kendo451]

I have verified that using root path urls works fine with https and cms_stylesheet. 

So, I don't know what the purpose of having [[root_url]] is.  It seems unnecessary.

[calguy1000]

Two things you need to understand:

a) the [[root_url]] is just a smarty plugin to output the $config['root_url'] variable.
b) the {cms_stylesheet} plugin knows which page you are generating (of course)
    figures out the associated page template, grabs the stylesheets that are associated
    with that template, passes them through smarty and generates .css files in tmp/cache.
    There is no advanced intelligence about generating page specific versions of the
    cached stylesheet files, and this probably isn't desirable anyways.
     
If you're using a mixed HTTP/HTTPS environment you may need to either use relative URLS
in your stylesheets (probably have to be careful of base directories, and other relative directories)
or use some other method for generating ssl urls for images.  (IE is such a stupid browser).

[kendo451]

It looks like the only way to make it work in IE6/7 is to make a separate stylesheet with hardcoded https in all the urls.

[Jeff]

I use a single stylesheet and it works fine with SSL. I put this in the top of the stylesheet so the directory is easy to change if I move servers.

Code: Select all

[[assign var=dir value='/']]

Then this is my background line:

Code: Select all

background:transparent url([[$dir]]uploads/images/rev2/Interior/header_orange.png) no-repeat top center;

[mox]

Hi,
in 1.8.2 I solved with relative path in the url() of image in the stylesheets.
Now, in 1.9.1, the warning in IE reappear, because the url of the stylesheets are http instead of https.
The problem, I thing, is the {cms_stylesheet} tag in the template.
When I read the generated html, in the head the path of the stylesheets is always http and not https.
The only way to solve is to separate the stylesheet in one or more file, save it in a dir and then write a full path with https in the template.

There are other trick?

Ciao
Maurizio

[Dr.CSS]

@Jeff

You do all this writing instead of just putting / in front of uploads?...

Code: Select all

[[assign var=dir value='/']]

Code: Select all

background:transparent url([[$dir]]uploads/images/rev2/Interior/header_orange.png) no-repeat top center;

[kendo451]

Doc CSS, when you develop on XAMPP, your web root is usually not the root of the CMS site.  But on the production server it is.

/ won't work for local development unless the site is the webroot.

So, being able to transition easily from dev server to production server requires using the [[root_url]] tag.

[Dr.CSS]

I just tested it on my localhost XAMPP install, correct with (/uploads/ it doesn't work but for some strange reason (uploads/ works, I was under the impression that with out the / it wouldn't work...

[kendo451]

I had always used ./uploads successfully in either environment, but it no longer works in 1.9.  Which is ok, I just use [[root_url]] now.

[mox]

Perhaps I have not explained well,
in the url anywhere now I use [[root_url]] or {root_url} depend on the content.
The problem is the tag, in the head, {cms_stylesheet} that load the stylesheet from the cache with an http:// url rather than https:// when they are call from a https page.
For this reason, although I use correctly [[root_url]] or {root_url} in the template and in the css, IE view this object path, http://mydomain/tmp/cache/mycss_cache.css, like an unsecure object.

I hope now is clear, despite my bad English.

Ciao
Maurizio

[kendo451]

Two possible solutions:

A. Use this form "//topdomain.com/path/to/images/image.jpg" in your stylesheet.  The browser will automatically put http or https in there.

or if you want to use [[root_url]]

Then you'll have to make one stylesheet for the secure pages and one for the regular ones.

[mox]

Huuum,
all my stylesheet have any url in the [[root_url]] form;
the object, img, loaded from the stylesheet aren't the problem; the problem is the loading of the stylesheets itself.
When I check the generate html, the path of the stylesheet generate from the {cms_stylesheet} tag, is http:// rather then https://.
Inside the stylesheet its all regular.
For bypass the problem, I make a single stylesheet and delete the tag and insert an absolute path with https://.
But isn't the best solution. Every time I need to make change, I must remember to update the css file that I put somewhere.
It's possible another solution?
This seems an implementation problem in the core or in the {cms_stylesheet} tag, relatively at SSL layer.
What do you think?

Ciao
Maurizio