update.php inaccessible under HTTPS #127
Comments
|
There are separate sessions for http and https, unless you have $conf = TRUE; in your settings file. This is also true in D7. You can confirm this is the case by logging into the site with http and then go to admin page with https. |
|
I was under the impression that mixed-mode support had been removed in D8, but regardless I'm not sure that's exactly what we're seeing here. I did a bunch of testing today as this behaviour seemed erratic to me and I've got it down to something reproducible. This is all on a live Pantheon site so I'm not sure what would happen with a similar setup outside of Pantheon. The domain name in this test is set with CNAMEs for both www and non-www pointing to the live-domain.pantheon.io name. Vanilla settings.php as well. Legend: (OUT) http://live-domain.pantheon.io/update.php "You must be logged in as admin..." (IN) http://live-domain.pantheon.io/update.php OK (IN) http://www.domain.com/update.php OK (IN) http://www.domain.com/update.php OK (IN) http://www.domain.com/update.php OK (OUT) http://www.domain.com/update.php "You must be logged in as admin..." (IN) http://www.domain.com/update.php OK It seems like the cookie being set is mixing up the http / https. |
When a D8 site is served with HTTPS, update.php cannot be accessed.
Example:
HTTPS:
http://screencast.com/t/HvwXDSgefs
HTTP:
http://screencast.com/t/jnPmm4ETU5Tz
Originally reported by Adam W. desk case#54237
There is no redirect logic in settings.php.
Test site is http://test-d8-80release.pantheon.io
The text was updated successfully, but these errors were encountered: