Commit graph

16 commits

Author SHA1 Message Date
ArthurHoaro
8e9fc6f6e6 Force HTTPS if the original port is 443 behind a reverse proxy
Fixes #1022
2017-12-02 15:24:35 +01:00
ArthurHoaro
a3130d2c2f Make work behind a reverse proxy
Without HTTP_X_FORWARDED_PORT check,  might be set to false even though the user is using HTTPS, thus disabling Firefox Social block display
2017-09-02 13:50:49 +02:00
Stephen Muth
b80315e238 Respect HTTP_X_FORWARDED_HOST
alongside _PORT and _PROTO
Fixes #879
2017-07-08 00:01:03 +00:00
VirtualTam
ee6f4b64a9 Cleanup: use safe boolean comparisons
Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2017-01-07 14:37:40 +01:00
ArthurHoaro
8e4be77368 Hide default port in local URL behind a reverse proxy 2017-01-03 14:17:05 +01:00
Arthur
adcdac1dec Merge pull request #623 from ArthurHoaro/security/reverse-proxy-ban
Add trusted IPs in config and try to ban forwarded IP on failed login
2016-10-12 14:48:57 +02:00
julienCXX
634783f916 Set cURL as default in HTTP fetching, a fallback method and consistency fixup between both methods 2016-08-08 20:45:50 +02:00
ArthurHoaro
50d1791838 Add trusted IPs in config and try to ban forwarded IP on failed login
* Add a new settings (which needs to be manually set): `security.trusted_proxies`
  * On login failure, if the `REMOTE_ADDR` is in the trusted proxies, try to retrieve the forwarded IP in headers.
  * If found, the client address is added in ipbans, else we do nothing.

Fixes #409
2016-08-03 10:36:47 +02:00
ArthurHoaro
5046bcb6ab Fix startsWith and endsWith case 2016-05-10 23:31:41 +02:00
ArthurHoaro
caa69b5853 typo 2016-05-05 13:28:43 +02:00
ArthurHoaro
ce7b0b6480 Fixes #531 - Title retrieving is failing with multiple use case
see https://github.com/shaarli/Shaarli/issues/531 for details
2016-05-03 19:51:29 +02:00
ArthurHoaro
85244fa0d0 Fixes #477: support multi reverse proxy with comma syntax
Going through multiple reverse proxy will store multiple scheme and port in HTTP header separated by a comma. Shaarli will use the first one to generate server_url.
2016-02-28 16:24:18 +01:00
VirtualTam
fc17813bd1 tests: add a make target to check file permissions
Additions:
- [makefile] check versioned files are not executable
- [travis]   call the new make target

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2016-01-17 21:02:24 +01:00
ArthurHoaro
1557cefbd7 Fixes #410 - Retrieve title fails in multiple cases
* `get_http_url()` renamed to `get_http_response()`.
  * Use the same HTTP context to retrieve response headers and content.
  * Follow HTTP 301 and 302 redirections to retrieve the title (default max 3 redirections).
  * Add `LinkUtils` to extract titles and charset.
  * Try to retrieve charset from HTTP headers first (new), then HTML content.
  * Use mb_string to re-encode title if necessary.
2016-01-11 21:19:31 +01:00
VirtualTam
482d67bd52 HTTP: move server URL functions to HttpUtils.php
Relates to #333

Modifications:
 - refactor server URL utility functions
 - do not access global `$_SERVER` variables
 - add test coverage
 - improve readability
 - apply coding conventions

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-14 20:27:16 +02:00
VirtualTam
451314eb48 HTTP: move utils to a proper file, add tests
Relates to #333

Modifications:
 - move HTTP utils to 'application/HttpUtils.php'
 - simplify logic
   - replace 'http_parse_headers_shaarli' by built-in 'get_headers()'
   - remove superfluous '$status' parameter (provided by the HTTP headers)
 - apply coding conventions
 - add test coverage (unitary only)

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
2015-09-06 19:30:26 +02:00