Walang 1 jili app no deposit bonus.Makakuha ng libreng 700pho sa bawat deposito

Resolved JimFitzsimons
(@jimfitzsimons)

7 years, 4 months ago
Hi,

I’m not sure if this bug/issue/feature was added in a recent update but it’s something I’ve just noticed now (or rather, a client has).

I have a javascript file with a section that looks like this:
```
if( variable === 'value1' ) {
     document.forms['bookingForm'].action= "https://www.domain1.com/?p=1";
}
else if( variable === 'value2' ) {
     document.forms['bookingForm'].action= "https://www.domain1.com/?p=2";
}
else if( variable === 'value3' ) {
     document.forms['bookingForm'].action= "https://www.domain3.com/?p=1";
}
```
When this is processed by Fast Velocity Minify, the URL protocol is stripped from those actions. So the output looks like:
```
if( variable === 'value1' ) {
     document.forms['bookingForm'].action= "//www.domain1.com/?p=1";
}
else if( variable === 'value2' ) {
     document.forms['bookingForm'].action= "//www.domain1.com/?p=2";
}
else if( variable === 'value3' ) {
     document.forms['bookingForm'].action= "//www.domain3.com/?p=1";
}
```
Trouble is, this is running on an HTTPS site, so the redirect will default to having https: at the beginning of each URL (which throws an error on sites that should be http).

Is there a way to turn off this protocol removal? Any suggestions at all? For now I’m just excluding files from FVM, but that’s hardly an ideal solution. Randomly stripping the URL protocol can’t be a sensible idea if it’s done as bluntly as this?

Cheers,
Jim.
- This topic was modified 7 years, 4 months ago by JimFitzsimons.

Viewing 1 replies (of 1 total)

Plugin Author Raul P.
(@alignak)

7 years, 4 months ago
Hi there,

In fact, rewriting the url paths to being relative is needed for a lot of reasons.

When we merge multiple css files, images need to stay relative to the css file.
Now, for sites that are available to http and https, the cache “might” be created with http and trigger mixed content warnings throughout the site.
Relative protocol, it’s the standard in 2017 and it doesn’t care if the urls are being loaded via http or https. This is especially useful, for example, for people behind cloudflare using the flexible ssl.

For your specific case:

I’m not sure if that’s some plugin or something you or your developer created, but when you populate the form action, it should stay on the same http or https scheme.

You should never present an https page to someone, and then have them submit a form insecurely to an http only website… in some countries, this is probably even illegal.
https://serverfault.com/questions/653579/https-posts-to-http-urls-insecure

The solution is not FVM stop changing urls to relative protocol, but rather add https support to all of the urls (it’s your client’s safety). There are even free ssl like letsencrypt, or you can use the free cloudflare plan with flexible ssl.

If you really need this, you have to use the ignore list.
Another option, is to rewrite your code:

Something like this, should work fine:
```
(...)
else if( variable === 'value3' ) {
     document.forms['bookingForm'].action= "http:" + "//www.domain3.com/?p=1";
}
```
Then purge FVM cache and your site cache, and it will be fine.

Viewing 1 replies (of 1 total)

The topic ‘URL Protocol stripped from JS files (breaks forms)’ is closed to new replies.