This fixes the following bug:

If Pi-Hole is behind a reverse proxy that uses SSL, then the block page will not load resources such as `blockingpage.css` and `jquery.min.js` as the insecure `http://` is hard coded. Browsers will block attempts to load insecure resources if the page is loaded of SSL.
The fix is acheived by checking `$_SERVER['HTTPS']` and setting the variable `$proto` to either `http` or `https`. The harcoded `http` is replaced by the contents of this variable.
This commit is contained in:
andofrjando 2017-09-16 10:24:37 +08:00
parent c458e4a93b
commit 00d62b3423
No known key found for this signature in database
GPG key ID: F5978346E0803DC0

View file

@ -40,6 +40,15 @@ $validExtTypes = array("asp", "htm", "html", "php", "rss", "xml", "");
// Get extension of current URL
$currentUrlExt = pathinfo($_SERVER["REQUEST_URI"], PATHINFO_EXTENSION);
// Check if this is served over HTTP or HTTPS
if(isset($_SERVER['HTTPS'])) {
if ($_SERVER['HTTPS'] == "on") {
$proto = "https";
} else {
$proto = "http";
}
}
// Set mobile friendly viewport
$viewPort = '<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"/>';
@ -201,10 +210,10 @@ if (explode("-", $phVersion)[1] != "0")
<?=setHeader() ?>
<meta name="robots" content="noindex,nofollow"/>
<meta http-equiv="x-dns-prefetch-control" content="off">
<link rel="shortcut icon" href="http://pi.hole/admin/img/favicon.png" type="image/x-icon"/>
<link rel="stylesheet" href="http://pi.hole/pihole/blockingpage.css" type="text/css"/>
<link rel="shortcut icon" href="<?php echo $proto; ?>://pi.hole/admin/img/favicon.png" type="image/x-icon"/>
<link rel="stylesheet" href="<?php echo $proto; ?>://pi.hole/pihole/blockingpage.css" type="text/css"/>
<title> <?=$serverName ?></title>
<script src="http://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
<script src="<?php echo $proto; ?>://pi.hole/admin/scripts/vendor/jquery.min.js"></script>
<script>
window.onload = function () {
<?php