-
Notifications
You must be signed in to change notification settings - Fork 144
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #5949 from WoltLab/require-https
Make HTTPS a hard requirement
- Loading branch information
Showing
16 changed files
with
305 additions
and
93 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
37 changes: 37 additions & 0 deletions
37
wcfsetup/install/files/acp/update_com.woltlab.wcf_6.1_checkSystemRequirements.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
<?php | ||
|
||
/** | ||
* Checks the system requirements for the upgrade from WoltLab Suite 6.0. | ||
* | ||
* @author Alexander Ebert | ||
* @copyright 2001-2024 WoltLab GmbH | ||
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | ||
* @since 6.1 | ||
*/ | ||
|
||
use wcf\system\request\RouteHandler; | ||
use wcf\system\WCF; | ||
|
||
$checkForTls = function () { | ||
if (RouteHandler::secureConnection()) { | ||
return true; | ||
} | ||
|
||
// @see RouteHandler::secureContext() | ||
$host = $_SERVER['HTTP_HOST']; | ||
if ($host === '127.0.0.1' || $host === 'localhost' || \str_ends_with($host, '.localhost')) { | ||
return true; | ||
} | ||
|
||
return false; | ||
}; | ||
|
||
if (!$checkForTls()) { | ||
if (WCF::getLanguage()->getFixedLanguageCode() === 'de') { | ||
$message = "Die Seite wird nicht über HTTPS aufgerufen. Wichtige Funktionen stehen dadurch nicht zur Verfügung, die für die korrekte Funktionsweise der Software erforderlich sind."; | ||
} else { | ||
$message = "The page is not accessed via HTTPS. Important features that are required for the proper operation of the software are therefore not available."; | ||
} | ||
|
||
throw new \RuntimeException($message); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
46 changes: 46 additions & 0 deletions
46
wcfsetup/install/files/lib/http/middleware/CheckForTls.class.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<?php | ||
|
||
namespace wcf\http\middleware; | ||
|
||
use Laminas\Diactoros\Response\RedirectResponse; | ||
use Psr\Http\Message\ResponseInterface; | ||
use Psr\Http\Message\ServerRequestInterface; | ||
use Psr\Http\Server\MiddlewareInterface; | ||
use Psr\Http\Server\RequestHandlerInterface; | ||
use wcf\system\request\RequestHandler; | ||
use wcf\system\request\RouteHandler; | ||
use wcf\util\HeaderUtil; | ||
|
||
/** | ||
* Checks if the request is for the frontend and originates from an insecure context. | ||
* | ||
* @author Alexander Ebert | ||
* @copyright 2001-2024 WoltLab GmbH | ||
* @license GNU Lesser General Public License <http://opensource.org/licenses/lgpl-license.php> | ||
* @since 6.1 | ||
*/ | ||
final class CheckForTls implements MiddlewareInterface | ||
{ | ||
#[\Override] | ||
public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface | ||
{ | ||
if (RequestHandler::getInstance()->isACPRequest()) { | ||
return $handler->handle($request); | ||
} | ||
|
||
if (RouteHandler::secureContext()) { | ||
return $handler->handle($request); | ||
} | ||
|
||
return $this->redirectToHttps($request); | ||
} | ||
|
||
private function redirectToHttps(ServerRequestInterface $request): ResponseInterface | ||
{ | ||
$uri = $request->getUri()->withScheme('https'); | ||
|
||
return HeaderUtil::withNoCacheHeaders( | ||
new RedirectResponse($uri) | ||
); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.