-
- 2 Posts
I have been experiencing a problem on a site we developed when switching between http and https, I believe the problem is related to how pages are currently cached in Modx. It seems that there is only one version of a cached page in Modx. This could lead to problems if a page is accessible under both http or https.
For example, if a visitor comes to a page on your site and the page is not cached, the page will be cached (assuming caching is enabled) under whatever protocol was used (ie. http or https). If a second user then visits the page under the other scheme the cached page will be retrieved but the <base href> tag will most likely be using the wrong scheme. This could lead to incorrect behavior when requesting resources, etc and possible lead to a mixed security content warning to visitors of the site.
I have been experiencing this on a recent site we have developed. For now I have disabled caching but I would really like to re-enable it for obvious performance reasons.
It seems the entire caching system is being updated in the 097 release anyway, but something to think about might be to have two buckets for a cached page, one for http and another for https. The caching architecture could look at the protocol of the request and then see if a cached version of the resource for that protocol exists.
Please let me know if my understanding of how caching in modx is correct.
Thanks, Mike
I don’t believe you should ever allow access to single page from both http and https. That would kind of defeat the purpose would it not?
Rewrite rules will be best if no MODx pages need to be https; otherwise, you could use a plugin to see if the specific page being requested should be served by the requested protocol or switch to the other (i.e. http vs https). This is what I’ve done on sites where some pages needed to be served https while forcing others to http.