seo_redirect returns "Tried to redirect to potentially insecure url" if forum uses https / SSL

[hbcafe]

See http://www.phpbb-seo.com/en/phpbb2-advanced/article36376.html

I haven't debugged it yet, but I would look at this code in seo_redirect:

    // Now, also check the protocol and for a valid url the last time...
    $allowed_protocols = array('http', 'https'/*, 'ftp', 'ftps'*/);
    $url_parts = parse_url($url);
    if ($url_parts === false || empty($url_parts['scheme']) || !in_array($url_parts['scheme'], $allowed_protocols))
    {
        send_status_line(400, 'Bad Request');
        trigger_error('INSECURE_REDIRECT', E_USER_ERROR);
    }

It assumes a fully qualified URL, but it may be getting a relative one.

[hbcafe]

Jared reports:

I figured it out over the weekend. Turns out it's a cookie issue, if you're running SSL you just have to be sure to enable transfer cookies over SSL. That cleared it up for me. It's running flawlessly now in phpBB 3.1.5.