Bug #13163

OAI identify command base URL does not respect HTTPS; appends index.php unnecessarily

Added by Dan Gillean over 2 years ago. Updated over 2 years ago.

Status:VerifiedStart date:08/27/2019
Priority:MediumDue date:
Assignee:-% Done:


Target version:Release 2.6.0
Google Code Legacy ID: Tested version:2.5, 2.6
Sponsored:No Requires documentation:No


First reported in the AtoM user forum, 2019-08-26: https://groups.google.com/d/msg/ica-atom-users/Pyj4DppbaGg/YW-HWs_lAwAJ

Currently, regardless of what the user inputs in the Base URL setting field, or whether or not they have HTTPS enabled on their site, the OAI repository's "Identify" response will always use "http://" as part of the base URL value returned - and it will also append /index.php, though this is not necessary for most sites.

To reproduce

  • Enable the OAI plugin, and configure the settings
  • In Admin > Settings > Site information, add https://www.example.com as the base url, and save
  • Enter the URL for the Identify command:
[test site URL]/;oai?verb=Identify

Resulting error

  • Base URL value in the Identify response is returned as:
  • https is replaced with http
  • /index.php is unnecessarily appended to the URL

Expected result

  • The base URL value appears as a user enters it
  • https is respected in the baseURL value included in the OAI Identify response
  • /index.php is not appended to the URL if not needed


#1 Updated by Dan Gillean over 2 years ago

As far as I can tell, the issue resides in the code here:

I'm not a developer, but from what I can understand of this, the getBaseUrl() function uses the function described above it, parseUrlHost, on line 183. However, if you look up at the parseUrlHost function, it appears that appending http:// is hardcoded as part of the function! I'm not entirely sure, but I suspect this is where the problem lies.

I can't personally figure out where the /index.php is being appended, but this too should not be done unnecessarily.

#2 Updated by Mike Cantelon over 2 years ago

  • Status changed from New to In progress
  • Assignee set to Mike Cantelon

#3 Updated by Mike Cantelon over 2 years ago

  • Status changed from In progress to Code Review
  • Assignee deleted (Mike Cantelon)

There was logic trying to figure out where the request was using HTTP or HTTPS and overriding the site's base URL in the OAI result. Simplified it to also use the base URL unaltered. This also fixes the issue with /index.php being appended.

PR for CR: https://github.com/artefactual/atom/pull/965

#4 Updated by Mike Cantelon over 2 years ago

  • Status changed from Code Review to Feedback
  • Assignee set to David Juhasz

I've updated the PR... thanks!

#5 Updated by David Juhasz over 2 years ago

  • Assignee changed from David Juhasz to Mike Cantelon

Looks good to me :)

#6 Updated by Mike Cantelon over 2 years ago

  • Category deleted (OAI-PMH)
  • Status changed from Feedback to QA/Review
  • Assignee deleted (Mike Cantelon)

Fix merged into qa/2.6.x.

#7 Updated by Dan Gillean over 2 years ago

  • Category set to OAI-PMH
  • Status changed from QA/Review to Verified
  • Target version set to Release 2.6.0
  • Requires documentation set to No

Nice, thanks!

Also available in: Atom PDF