Force HTTPS if the original port is 443 behind a reverse proxy
Fixes #1022
This commit is contained in:
parent
844be5d556
commit
8e9fc6f6e6
2 changed files with 39 additions and 0 deletions
|
@ -302,6 +302,13 @@ function server_url($server)
|
|||
$port = $server['HTTP_X_FORWARDED_PORT'];
|
||||
}
|
||||
|
||||
// This is a workaround for proxies that don't forward the scheme properly.
|
||||
// Connecting over port 443 has to be in HTTPS.
|
||||
// See https://github.com/shaarli/Shaarli/issues/1022
|
||||
if ($port == '443') {
|
||||
$scheme = 'https';
|
||||
}
|
||||
|
||||
if (($scheme == 'http' && $port != '80')
|
||||
|| ($scheme == 'https' && $port != '443')
|
||||
) {
|
||||
|
|
|
@ -186,4 +186,36 @@ class ServerUrlTest extends PHPUnit_Framework_TestCase
|
|||
)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Misconfigured server (see #1022): Proxy HTTP but 443
|
||||
*/
|
||||
public function testHttpWithPort433()
|
||||
{
|
||||
$this->assertEquals(
|
||||
'https://host.tld',
|
||||
server_url(
|
||||
array(
|
||||
'HTTPS' => 'Off',
|
||||
'SERVER_NAME' => 'host.tld',
|
||||
'SERVER_PORT' => '80',
|
||||
'HTTP_X_FORWARDED_PROTO' => 'http',
|
||||
'HTTP_X_FORWARDED_PORT' => '443'
|
||||
)
|
||||
)
|
||||
);
|
||||
|
||||
$this->assertEquals(
|
||||
'https://host.tld',
|
||||
server_url(
|
||||
array(
|
||||
'HTTPS' => 'Off',
|
||||
'SERVER_NAME' => 'host.tld',
|
||||
'SERVER_PORT' => '80',
|
||||
'HTTP_X_FORWARDED_PROTO' => 'https, http',
|
||||
'HTTP_X_FORWARDED_PORT' => '443, 80'
|
||||
)
|
||||
)
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue