GetSimple Support Forum

Full Version: https only for administration?
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
It seems that GetSimple is ill fitted for using SSL for the administration only, e.g. if you access the administation with https:
  • some resources (e.g. Javascript) are loaded using http, which exposes cookies, etc.
  • inserting a (page/upload) link in a page will insert it with https (unless you manually change it)
Using self signed certificates or a shared certificate (with wrong server name),
  • the flash uploader does not work, even if the certificate was added to the browser. It has to be disabled in gsconfig.php.

The first issue can easily be solved by using relative paths or omitting http(s): from the links.
Interestingly in GS 3.3.1 (without any plugins) the jquery-scrolltofixed.js is included multiple times:
<script src=""></script>
<script src=""></script>        
<script type="text/javascript" src="template/js/jquery-scrolltofixed.js?v=3.3.1"></script>        
<script type="text/javascript" src="template/js/jquery.getsimple.js?v=3.3.1"></script>
created issues, and found an old issue that was missing labels and milestones.

There was another issue closed about https and asset urls, I thought this was fixed, apparantly it just uses siteurl.

Both of these have been addressed in hotfixes.
Uploadify won't be addressed we no longer use it.

have you had a chance to test this ?