Skip to content
This repository has been archived by the owner on Nov 3, 2023. It is now read-only.

Check X-Forwarded-Proto header in Environment::ssl #8691

Closed
wants to merge 1 commit into from
Closed

Check X-Forwarded-Proto header in Environment::ssl #8691

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
10 changes: 9 additions & 1 deletion system/modules/core/library/Contao/Environment.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -311,7 +311,15 @@ protected static function httpXForwardedHost()
*/
protected static function ssl()
{
return ($_SERVER['SSL_SESSION_ID'] || $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1);
// Basic PHP SSL checks
if ($_SERVER['SSL_SESSION_ID'] || $_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1)
{
return true;
}

// Check X-Forwarded-Proto but only use if remote addr is whitelisted
$arrTrusted = trimsplit(',', \Config::get('proxyServerIps'));
return (in_array($_SERVER['REMOTE_ADDR'], $arrTrusted) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
}


Expand Down