cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to generate unsecure URL if current URL is secure

0 Kudos

Unable to generate unsecure URL if current URL is secure

Feature request from Marko-M, posted on GitHub Aug 16, 2016

Preconditions

  1. Magento 2 version 2.1.0
  2. Use \Magento\Framework\Url::getUrl() from secure area of the store

Steps to reproduce

  1. Make sure code is executed in secure area of the store (HTTPS)
  2. Generate URL in code
    /**
     * @var \Magento\Framework\Url
     */
    protected $url;
    ...
    $this->url->getUrl(
        'test/test/test',
        [
            '_secure' => false
        ]
    )
  3. Resulting URL is https://example.com/test/test/test

Expected result

  1. Make sure code is executed in secure area of the store (HTTPS)
  2. Generate URL in code
    /**
     * @var \Magento\Framework\Url
     */
    protected $url;
    ...
    $this->url->getUrl(
        'test/test/test',
        [
            '_secure' => false
        ]
    )
  3. Resulting URL is http://example.com/test/test/test

Reason behind such behavior is:

https://github.com/magento/magento2/blob/2.1.0/lib/internal/Magento/Framework/Url.php#L364-L366

where code assumes that if current request is secure, requested url should be secure as well, regardless to '_secure' parameter saying otherwise.