SSL 로그인시 http에서 시도할 경우 발생하는 cross domain 오류 수정

git-svn-id: http://xe-core.googlecode.com/svn/sandbox@6769 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-01-09 03:32:00 +09:00 · 2009-09-01 06:32:35 +00:00 · 2009-09-01 06:32:35 +00:00 · c6e637e9e8
commit c6e637e9e8
parent 616942c522
4 changed files with 49 additions and 6 deletions
--- a/classes/display/DisplayHandler.class.php
+++ b/classes/display/DisplayHandler.class.php
@ -187,6 +187,8 @@
            $message = $oModule->getMessage();
            $redirect_url = $oModule->get('redirect_url');
            $request_uri = Context::get('xeRequestURI');
+            $request_url = Context::get('xeVirtualRequestUrl');
+            if(substr($request_url,-1)!='/') $request_url .= '/';

            if($error === 0) {
                if($message != 'success') $output->message = $message;
@ -199,8 +201,8 @@
            $html = '<script type="text/javascript">'."\n";
            if($output->message) $html .= 'alert("'.$output->message.'");'."\n";
            if($output->url) {
-                $output->url = preg_replace('/#(.+)$/i','',$output->url);
-                $html .= 'top.location.href = "'.$output->url.'";'."\n";
+                $url = preg_replace('/#(.+)$/i','',$output->url);
+                $html .= 'location.href = "'.$request_url.'common/tpl/redirect.html?redirect_url='.urlencode($url).'";'."\n";
            }
            $html .= '</script>'."\n";
            return $html;
--- a/common/js/xml_handler.js
+++ b/common/js/xml_handler.js
@ -99,8 +99,20 @@ function xml_handlerRequest(callBackFunc, xmlObj, callBackFunc2, response_tags,
        var action = this.params['act'];
        for(i=0;i<ssl_actions.length;i++) {
            if(ssl_actions[i]==action) {
-                this.xml_path = this.xml_path.replace(/^http:\/\//i,'https://');
-                break;
+                var url = request_uri;
+                if(typeof(default_url)!='undefined' && default_url) url = default_url;
+                var port = 443;
+                if(typeof(https_port)!='undefined' && https_port != 443) port = https_port;
+                var _u1 = xCreateElement('a');
+                _u1.href = url;
+                var targetUrl = '';
+                if(port == 443) targetUrl = 'https://';
+                else targetUrl = 'http://';
+                targetUrl += _u1.hostname;
+                if(port != 443) targetUrl += ':'+port;
+                targetUrl += _u1.pathname;
+                targetUrl = targetUrl.replace(/\/$/,'');
+                this.xml_path = targetUrl + '/index.php';
            }
        }
    }
@ -142,9 +154,15 @@ function xml_handlerRequest(callBackFunc, xmlObj, callBackFunc2, response_tags,
        var j = xCreateElement('input');
        j.type = 'hidden';
        j.name = 'xeRequestURI';
-        j.value = location.href;
+        j.value = location.href.replace(/#(.*)$/i,'');
        fo.appendChild(j);

+        var k = xCreateElement('input');
+        k.type = 'hidden';
+        k.name = 'xeVirtualRequestUrl';
+        k.value = request_uri;
+        fo.appendChild(k);
+
        for (var key in this.params) {
            if(!this.params.hasOwnProperty(key)) continue;
            var i = xCreateElement('input');
--- a/common/tpl/common_layout.html
+++ b/common/tpl/common_layout.html
@ -53,13 +53,15 @@
    <script type="text/javascript">//<![CDATA[
        var current_url = "{$current_url}";
        var request_uri = "{$request_uri}";
-        <!--@if($vid)-->var xeVid = "{$vid}";<!--@end-->
+<!--@if($vid)-->var xeVid = "{$vid}";<!--@end-->
        var current_mid = "{$mid}";
        var waiting_message = "{$lang->msg_call_server}";
        var ssl_actions = new Array(<!--@if(count($ssl_actions))-->"{implode('","',$ssl_actions)}"<!--@end-->);
+        var default_url = "{Context::getDefaultUrl()}";
        <!--@if(Context::get("_http_port"))-->var http_port = {Context::get("_http_port")};<!--@end-->
        <!--@if(Context::get("_https_port"))-->var https_port = {Context::get("_https_port")};<!--@end-->
        <!--@if(Context::get("_use_ssl") && Context::get("_use_ssl") == "always")-->var enforce_ssl = true;<!--@end-->
+
    //]]></script>

    {Context::getHtmlHeader()}
--- a/common/tpl/redirect.html
+++ b/common/tpl/redirect.html
@ -0,0 +1,21 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+</head>
+<body>
+    <script type="text/javascript">
+        var idx = location.href.indexOf('?');
+        var url = top.location.href;
+        if(idx > -1 ) {
+            var query_string = location.href.substr(idx+1, location.href.length);
+            var args = {};
+            query_string.replace(/([^=]+)=([^&]*)(&|$)/g, function() { args[arguments[1]] = arguments[2]; });
+
+            url = args['redirect_url'];
+            if(typeof(q)=="undefined" || !q) url = top.location.href.replace(/#(.*)$/i,'');
+        }
+        top.location.href = url;
+    </script>
+</body>
+</html>