_FPA_SSL_REDIRECT

[frostmakk]

There are issues with SSL Redirect. 1: Line 245: $pageURL = $_SERVER['HTTP_HOST'] . _FPA_SELF; Crash bang. Should be $pageURL = $_SERVER['HTTP_HOST'] . '/' . _FPA_SELF;

2: The script redirects to https regardless of the environment, being it on localhost or a site without https, resulting in "Unable to connect"

[frostmakk]

Ok. I think I have spotted the other error. if (is_bool(@$checkSSL) === true AND Yes, it is true it is a bool, but it aint true 😮 Made a PR. Please test.

[sozzled]

I hope I tested your PR (from the FM-FACE branch) right. I have a test site (on the 'net) that doesn't use SSL; when I enter http://site-name/fpa-en.php, the browser displays https://site-name/fpa-en.php.

So I don't think it works. The FPA report runs, however, even though the configuration.php file says public $force_ssl = 0;

On my local Wampserver, where I have no SSL at all, I tested this, too. There's no problem there.

Strange. It seems as though, if there's an SSL certificate available (even if it's not used), the FPA tries to use SSL regardless of what is in configuration.php. Is that your understanding?

[RussW]

Thanks for the PR @frostmakk that should do it...

@sozzled there is no relation between Joomla! $force_ssl and the FPA feature, this is purely about securing the FPA connection when there is a valid certificate available

[sozzled]

The operative words are "securing the FPA connection when there is a valid certificate available". Got it. Understand it. In that case, things seem to be OK with me.

I'll just have to remember that, even though the website doesn't use SSL, the fact that I have an SSL certificate (that I'm deliberately not using) doesn't mean diddly. The FPA will use the certificate irrespective of what I use on the website. As a footnote: after deleting https://site-name/fpa-en.php (pressing the trash-can glyph) the browser redirects [the site home page] as https://site-name.

A little confusing but not a problem for me because I know what's going on. :wink: