HTTP-Error 403 in chrome and Safari using https connection

[arfaram]

Hi,
i'm using the bundle with symfony2.3 over http everything works fine.
Using HTTPS connection in chrome or Safari i get 403 forbbiden access when i POST vaiable from a form. in FF , IE and Opera no error are reported.

[Seldaek]

Not sure what could cause this. Are you using a self-signed certificate perhaps that has not been accepted in chrome? Did you check in the dev tools to see if the preflight OPTIONS request is done at all and if yes why it failed?

[arfaram]

no, i' m using a COMODO SSL Certificate. After Debugging i found that the $options array value is empty:
Array ( [allow_origin] => Array ( ) [allow_credentials] => [allow_headers] => Array ( ) [expose_headers] => Array ( ) [allow_methods] => Array ( ) [max_age] => 0 [hosts] => Array ( ) )
So that the checkOrigin Method will fail.
I m using a squid for SSL connection configured in external server. The backed Server is using apache only on port 80. The proxy forward all SSL requests (443) to webserver on port 80.

[Seldaek]

Well if it's all empty then there is no way it will reply successfully. Yet it works in FF/IE you say? This sounds wrong.

[JulienTant]

Same problem here. The strange thing is that in this line

        if (!$request->headers->has('Origin') || $request->headers->get('Origin') == $request->getSchemeAndHttpHost()) {

chrome have no Origin on a GET request, but have one in POST request. So we're going to the second part of the condition, and we can see that request->getSchemeAndHttpHost() doesn't return the https:// protocol. Really weird.

[stof]

@JulienTant have you configured the IP of your Squid as a trusted proxy ? See http://symfony.com/doc/current/cookbook/request/load_balancer_reverse_proxy.html