…heir hostnames to the previous X-Forwarded-Host header. If we have Client <---> Fwd Proxy1 (first.proxy) <---> Fwd Proxy2 (second.proxy )<---> Application (third.server), then we will have these values for a script executed on third.server:: $_SERVER['HTTP_X_FORWARDED_HOST'] = 'first.proxy, second.proxy'; $_SERVER['HTTP_HOST'] = 'third.server'; If we use the raw value from $_SERVER['HTTP_X_FORWARDED_HOST'] for composing return URLs, we will generate invalid return URLs, in our case 'http://first.proxy, second.proxy/fb_oauth.php', and get a 'Oauth exception 191' or some other error message. If we properly process the X-Forwarded-Host value by taking the leftmost host, we will not get errors.
PHP 5.5 will throw deprecation warnings if users are uploading files with the previously documented `'source' => '@/foo/bar.jpg',` syntax. The new approach is to use `'source' => new CurlFile('/foo/bar.jpg', 'image/jpeg'),`, which obviously avoids accidental uploads (or upload attempts) from user-provided content which starts with a `"@"` character.
To make this a drop in replacement for the old endpoint, we also need support from the /dialog/oauth endpoint. Specifically, the current endpoint, when using display=none, always return the response as part of the fragment, while the PHP SDK needs the signed_request as a query string argument.
Fix issue with cURL on Windows machines when the local CA cert file is used. For some reason cURL refuses to use the CA cert bundle if forward-slashes are present in its path name.