X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/961afd3446ca822d2f329c8034ad300dd92327db..cf1290eb464f1256aa5c12d973fff774e4f83e5e:/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn diff --git a/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn b/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn index 99906a5de..307c528ca 100644 --- a/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn +++ b/doc/todo/Protocol_relative_urls_for_stylesheet_linking.mdwn @@ -12,3 +12,36 @@ This can be fixed by setting the base wiki url to a protocol relative url, such but this breaks all sorts of things, like the 404 plugin and wiki rebuilds will throw the following perl warning several times: Use of uninitialized value in string ne at /usr/share/perl5/IkiWiki.pm line 586 + +> With a vaguely recent ikiwiki, if your `url` and `cgiurl` settings have the +> same hostname (e.g. +> `url => "http://www.example.com", cgiurl => "https://www.example.com/ikiwiki.cgi"`), +> most links are path-only (e.g. `/style.css`), and in particular, +> CGI-generated pages should generate those links. This was the implementation of +> [[todo/want_to_avoid_ikiwiki_using_http_or_https_in_urls_to_allow_serving_both]]. +> +>> This wasn't actually the case if the schemes are different; but now +>> IkiWiki will generate protocol-relative URLs if the CGI is https, +>> the url is http and the hostname is the same (i.e. it assumes that the https +>> equivalent of the url will also work). This is to prevent mixed-content +>> issues, and partially addresses this todo item. +>> --[[smcv]] +> +> If your`$config{url}` and `$config{cgiurl}` have different hostnames (e.g. +> `url => "http://wiki.example.com", cgiurl => "http://cgi.example.com/ikiwiki.cgi"`) +> then you might still have this problem. In principle, IkiWiki could generate +> protocol-relative URLs in this situation, but it isn't clear to me how +> widely-supported those are. +> +>> HTML5 says protocol-relative URLs work, and they seem to be widely +>> supported in practice, so I've changed the rule to: if the url and cgiurl +>> share a scheme (protocol) but differ only by hostname, use `//foo/bar` +>> protocol-relative URLs. This partially addresses this todo. +>> I'm still thinking about what the right thing is for more complicated +>> situations: see [[todo/design for cross-linking between content and CGI]]. +>> --[[smcv]] +> +> If you set both the `$config{url}` and `$config{cgiurl}` to https, but make +> the resulting HTML available over HTTP as well as HTTPS, that should work +> fine - accesses will be over http until the user either explicitly +> navigates to https, or navigates to the CGI. --[[smcv]]