It’s possible to let TypoScript to help you with enabling secure URLs when the incoming connection is requesting such. To do so, put the following code in your TypoScript template in Constants or Setup depending upon how you set config.baseURL or config.absRefPrefix in Setup.
config.baseURL = http://example.com config.absRefPrefix = http://example.com [globalString = _SERVER|HTTPS=on] config.baseURL = config.absRefPrefix = [end]
From our professional experience, we’ve found that a full URL for absRefPrefix is the long term solution as TYPO3 extensions move away from using baseURL to create their own links to letting the typolink method do so.
If you use the cal extension, you might need to unset absRefPrefix on pages with a cal view by the following TypoScript.
But, I want to Enforce Secure URLs
The above code is great to keeping to secure URLs when the incoming request is via a secure URLs. However, it doesn’t force an insecure URL request to secure. To do this, I strongly suggest using Florian Schlichting’s excellent TYPO3 extension “Page HTTP/HTTPS Enforcer – https_enforcer”.
The https_enforcer is fairly easy to setup and use, but it does require a slightly different TypoScript modification than normal. In this case, the PAGE object needs to reference the extension directly before any other PAGE sub-objects are requested so that the secure URL check and redirect happens in a timely manner.
Setup TypoScript modification
Look at the new page.5 inclusion.
page = PAGE page.typeNum = 0 page.5 &lt; plugin.tx_httpsenforcer_pi1 page.10 = USER page.10.userFunc = tx_templavoila_pi1-&gt;main_page
Sample TypoScript constants
Be sure to not include protocols or slashes in the domain names.
https_enforcer.always_allow_SSL = 1 https_enforcer.secure_typo3_root = www.example.com https_enforcer.unsecure_typo3_root = www.example.com
By using both secure URL options, you can ensure that pages that should be secure are secure when called and the same for the follow-on URL requests.
First Posted on: May 12, 2009. Revised.