Force HTTPS if the original port is 443 behind a reverse proxy

Fixes #1022
This commit is contained in:
ArthurHoaro 2017-11-17 19:04:14 +01:00
parent 844be5d556
commit 8e9fc6f6e6
2 changed files with 39 additions and 0 deletions

View file

@ -302,6 +302,13 @@ function server_url($server)
$port = $server['HTTP_X_FORWARDED_PORT']; $port = $server['HTTP_X_FORWARDED_PORT'];
} }
// This is a workaround for proxies that don't forward the scheme properly.
// Connecting over port 443 has to be in HTTPS.
// See https://github.com/shaarli/Shaarli/issues/1022
if ($port == '443') {
$scheme = 'https';
}
if (($scheme == 'http' && $port != '80') if (($scheme == 'http' && $port != '80')
|| ($scheme == 'https' && $port != '443') || ($scheme == 'https' && $port != '443')
) { ) {

View file

@ -186,4 +186,36 @@ public function testStandardHttpsPort()
) )
); );
} }
/**
* Misconfigured server (see #1022): Proxy HTTP but 443
*/
public function testHttpWithPort433()
{
$this->assertEquals(
'https://host.tld',
server_url(
array(
'HTTPS' => 'Off',
'SERVER_NAME' => 'host.tld',
'SERVER_PORT' => '80',
'HTTP_X_FORWARDED_PROTO' => 'http',
'HTTP_X_FORWARDED_PORT' => '443'
)
)
);
$this->assertEquals(
'https://host.tld',
server_url(
array(
'HTTPS' => 'Off',
'SERVER_NAME' => 'host.tld',
'SERVER_PORT' => '80',
'HTTP_X_FORWARDED_PROTO' => 'https, http',
'HTTP_X_FORWARDED_PORT' => '443, 80'
)
)
);
}
} }