From 82ac0e6ea70f1b0b4607622b2c50b0b107b259b7 Mon Sep 17 00:00:00 2001
From: Galen Charlton <gmc@esilibrary.com>
Date: Thu, 26 Sep 2013 14:24:42 -0700
Subject: [PATCH] LP#1207281: require SSL when downloading offline patron list

This patch builds on the previous one by forcing use of
SSL for downloading the offline patron list.  It also
updates the Apache 2.4 example configuration.

Signed-off-by: Galen Charlton <gmc@esilibrary.com>
Signed-off-by: Bill Erickson <berick@esilibrary.com>
---
 Open-ILS/examples/apache/eg_vhost.conf.in          |  1 +
 Open-ILS/examples/apache_24/eg_vhost.conf.in       | 14 ++++++++++++++
 .../xul/staff_client/chrome/content/main/menu.js   |  2 +-
 3 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/Open-ILS/examples/apache/eg_vhost.conf.in b/Open-ILS/examples/apache/eg_vhost.conf.in
index 6d5a18e4fe..1de2212cdf 100644
--- a/Open-ILS/examples/apache/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache/eg_vhost.conf.in
@@ -488,6 +488,7 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
     require valid-user
     PerlSendHeader On
     allow from all
+    SSLRequireSSL
 </Location>
 
 # ----------------------------------------------------------------------------------
diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in
index 0d67b54ff2..f530f2935e 100644
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -480,6 +480,20 @@ RewriteRule .? - [E=locale:%{HTTP:Accept-Language}]
     Require all granted 
 </Location>
 
+# ----------------------------------------------------------------------------------
+# Protect Standalone/Offline mode files from public view
+# ----------------------------------------------------------------------------------
+<Location /standalone/>
+    AuthType Basic
+    AuthName "Standalone Mode Login"
+    PerlOptions +GlobalRequest
+    PerlSetVar OILSProxyPermissions "STAFF_LOGIN"
+    PerlAuthenHandler OpenILS::WWW::Proxy::Authen
+    require valid-user
+    PerlSendHeader On
+    allow from all
+    SSLRequireSSL
+</Location>
 
 # ----------------------------------------------------------------------------------
 # Reporting output lives here
diff --git a/Open-ILS/xul/staff_client/chrome/content/main/menu.js b/Open-ILS/xul/staff_client/chrome/content/main/menu.js
index b69ebec47a..2f16bfd761 100644
--- a/Open-ILS/xul/staff_client/chrome/content/main/menu.js
+++ b/Open-ILS/xul/staff_client/chrome/content/main/menu.js
@@ -1391,7 +1391,7 @@ main.menu.prototype = {
                 function() {
                     try {
                         var x = new XMLHttpRequest();
-                        var url = 'http://' + XML_HTTP_SERVER + '/standalone/list.txt';
+                        var url = 'https://' + XML_HTTP_SERVER + '/standalone/list.txt';
                         x.open("GET",url,false);
                         x.send(null);
                         if (x.status == 200) {
-- 
2.43.2