ZF-11519: Zend_Dojo doesn't take into account https with the CDN

Issue Type: Bug Created: 2011-07-01T09:05:38.000+0000 Last Updated: 2012-03-09T19:54:14.000+0000 Status: Open Fix version(s): Reporter: Symphony IT (symphony) Assignee: Matthew Weier O'Phinney (matthew) Tags: - Zend_Dojo

  • state:patch-ready-for-review
  • zf-crteam-padraic
  • zf-crteam-priority
  • zf-crteam-review

Related issues: Attachments: - ZF-11519-combined.patch


Zend_Dojo only contains the http url for the Google CDN, If someone wanted to use a https connection for their application they will receive the "unsecure elements" message in the browser while using the CDN.

ZendX_JQuery has implemented a mechanism for switching to the https connection on the Google CDN There should be comparable functionality available in Zend_Dojo.


Posted by Robert Basic (robertbasic) on 2011-08-26T07:54:48.000+0000

Will work on this over the weekend.

I noticed that AOL doesn't have an SSL version of the CDN, so I'll implement it for Google only.

Posted by Robert Basic (robertbasic) on 2011-08-26T13:31:25.000+0000

Patch + tests attached.

Posted by Robert Basic (robertbasic) on 2011-08-26T13:32:29.000+0000

Reassigning to Matthew to review the patch and tests.

Posted by Pádraic Brady (padraic) on 2011-08-28T10:28:28.000+0000

I've reviewed the patch and confirm it operates as intended. Recommend committing to trunk and merging to release branch.

Posted by Paul Verhoeven (paul verhoeven) on 2011-08-29T08:35:28.000+0000

Please don't commit to trunk. The patch works, but it only loads the dojo.js file over SSL. It then xhrloads the rest of default modulepaths (/dojo, /dijit & /dojox) and any additional module-namespaces over non SSL connection. This could be fixed by including the right paths through registerModulePath() but it wouldn't solve the main problem.

SSL should always work. ATM it also doesn't work when Dojo's hosted locally, which should be first priority. Also Google and AOL both support SSL for their CDN's (only AOL's unsigned). There's also a new CDN for Dojo (Yandex) which supports signed SSL, so SSL should work for any CDN. Fixing this problem by hardcoding the scheme into the class is not the way to go. There would need to be some kind of scheme detection, either through inspecting $_SERVER['HTTPS'] or $request->isSecure(). A correct fix opens up a whole can of worms, some of which i've already addressed but i needed to break BC and can in the light of ZF2.

Posted by Paul Verhoeven (paul verhoeven) on 2011-09-14T12:05:41.000+0000

Reworked my solution intented for ZF2 to not break ZF1. Setting of scheme is now applies to all dojo assets: base, source, layer, module and stylesheetpaths. Setting of scheme is per default based on $_SERVER['HTTPS'] but can be forced through setting = true/false or api setSecure(true/false). Added tests to confirm behaviour. Please comment and/or review.

Posted by Adam Lundrigan (adamlundrigan) on 2011-11-08T13:27:54.000+0000

Reformatted and applied Paul's patches (ZF-11519-combined.patch). The Dojo suite ran (after adding it to Zend_AllTests) without any issues related to the dojo view helper itself, though I did get three failures in other view helpers due to encoding of attribute values (see ZF-11875).

Have you found an issue?

See the Overview section for more details.


© 2006-2018 by Zend, a Rogue Wave Company. Made with by awesome contributors.

This website is built using zend-expressive and it runs on PHP 7.