Disable toolbar when using forcing HTTPS

2026-04-27 03:00:12 -04:00 · 2014-08-28 13:41:04 -03:00
parent 0b5eebac2d
commit 8aa2312c94
5 changed files with 11 additions and 3 deletions
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -1057,6 +1057,10 @@ class ApiController(RedditController):
            form.set_html(".status", _("employees are required to use HTTPS"))
            return
        c.user.pref_force_https = force_https
+        # Most pages we'd try to frame would be http:, and most browsers
+        # disallow mixed-content. Disable the toolbar when forcing HTTPS.
+        if force_https:
+            c.user.pref_frame = False
        c.user._commit()

        # run the change password command to get a new salt.
--- a/r2/r2/controllers/toolbar.py
+++ b/r2/r2/controllers/toolbar.py
@@ -118,7 +118,7 @@ class ToolbarController(RedditController):
            self.abort403()
        elif link.is_self:
            return self.redirect(link.url)
-        elif not (c.user_is_loggedin and c.user.pref_frame):
+        elif not (c.user_is_loggedin and c.user.uses_toolbar):
            return self.redirect(link.make_permalink_slow(force_domain=True))
        
        # if the domain is shame-banned, bail out.
--- a/r2/r2/models/account.py
+++ b/r2/r2/models/account.py
@@ -659,6 +659,10 @@ class Account(Thing):
            return True
        return self.pref_force_https

+    @property
+    def uses_toolbar(self):
+        return not self.https_forced and self.pref_frame
+
    @property
    def cpm_selfserve_pennies(self):
        override_price = getattr(self, 'cpm_selfserve_pennies_override', None)
--- a/r2/r2/models/link.py
+++ b/r2/r2/models/link.py
@@ -365,7 +365,7 @@ class Link(Thing, Printable):
        user_is_admin = c.user_is_admin
        user_is_loggedin = c.user_is_loggedin
        pref_media = user.pref_media
-        pref_frame = user.pref_frame
+        pref_frame = user.uses_toolbar
        cname = c.cname
        site = c.site

--- a/r2/r2/templates/prefoptions.html
+++ b/r2/r2/templates/prefoptions.html
@@ -112,7 +112,7 @@
  <tr>
    <th>${_("clicking options")}</th>
    <td class="prefright">
-      ${checkbox(_("display links with a reddit toolbar"), "frame")}
+      ${checkbox(_("display links with a reddit toolbar"), "frame", disabled=c.user.https_forced, disabled_text=_("(not supported when using HTTPS)"))}
      <br/>
      ${checkbox(_("open links in a new window"), "newwindow")}
    </td>