From e382b99b6437a323d7be7f261d2f8249fe1bca51 Mon Sep 17 00:00:00 2001
From: Elliot Voris <evoris@slcconline.edu>
Date: Mon, 9 Dec 2013 12:57:20 -0600
Subject: [PATCH] LP104785: Selfcheck needs to be run with HTTPS

Redirect attempts to connect to the self-check via HTTP to the more secure
HTTPS instead. Addresses this bug reported in launchpad:
https://bugs.launchpad.net/evergreen/+bug/1047485

Based on work for Apache 2.2 by Michael Peters <mrpeters@library.in.gov>,
updated and applied to 2.4 by Elliot Voris.

Signed-off-by: Elliot Voris <evoris@slcconline.edu>
Signed-off-by: Dan Scott <dscott@laurentian.ca>
---
 Open-ILS/examples/apache/eg_vhost.conf.in    | 6 ++++++
 Open-ILS/examples/apache_24/eg_vhost.conf.in | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/Open-ILS/examples/apache/eg_vhost.conf.in b/Open-ILS/examples/apache/eg_vhost.conf.in
index 1de2212cdf..a6476aae62 100644
--- a/Open-ILS/examples/apache/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache/eg_vhost.conf.in
@@ -134,6 +134,12 @@ RewriteRule /opac/[^/]*/skin/[^/]*/xml/rresult.xml /eg/opac/results?%{ENV:OILS_J
 # Images, CSS, etc can stick around.
 RewriteRule /opac/[^/]*/skin/.*(xml|htm|html|/)$ /eg/opac/home?%{ENV:OILS_JSPAC_SEARCH_TYPE}%{ENV:OILS_JSPAC_SEARCH_TERMS}%{ENV:OILS_JSPAC_SEARCH_LOCATION} [NE,R,L]
 
+# -----------------------------------------------------------------------------$
+# Force HTTPS for /eg/circ/selfcheck
+# -----------------------------------------------------------------------------$
+RewriteCond %{HTTPS} off
+RewriteRule ^(/eg/circ/selfcheck) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
+
 # ----------------------------------------------------------------------------------
 # For sanity reasons, default indexes to Off
 # ----------------------------------------------------------------------------------
diff --git a/Open-ILS/examples/apache_24/eg_vhost.conf.in b/Open-ILS/examples/apache_24/eg_vhost.conf.in
index f530f2935e..d561916c23 100644
--- a/Open-ILS/examples/apache_24/eg_vhost.conf.in
+++ b/Open-ILS/examples/apache_24/eg_vhost.conf.in
@@ -134,6 +134,12 @@ RewriteRule /opac/[^/]*/skin/[^/]*/xml/rresult.xml /eg/opac/results?%{ENV:OILS_J
 # Images, CSS, etc can stick around.
 RewriteRule /opac/[^/]*/skin/.*(xml|htm|html|/)$ /eg/opac/home?%{ENV:OILS_JSPAC_SEARCH_TYPE}%{ENV:OILS_JSPAC_SEARCH_TERMS}%{ENV:OILS_JSPAC_SEARCH_LOCATION} [NE,R,L]
 
+# -----------------------------------------------------------------------------$
+# Force HTTPS for /eg/circ/selfcheck
+# -----------------------------------------------------------------------------$
+RewriteCond %{HTTPS} off
+RewriteRule ^(/eg/circ/selfcheck) https://%{HTTP_HOST}%{REQUEST_URI} [NC,R=301,L]
+
 # ----------------------------------------------------------------------------------
 # For sanity reasons, default indexes to Off
 # ----------------------------------------------------------------------------------
-- 
2.43.2