PlayWebContext incorrectly uses 80 as a default port, ignoring request.secure(): https://github.com/pac4j/play-pac4j/blob/master/shared/src/main/java/org/pac4j/play/PlayWebContext.java#L181
This is causing problems when the library is used in apps that are working from behind load balancers or reverse proxies and the security and port of the call are defined by Forwarded headers. In such a scenario request.secure() will return true, while the code in question will claim the port is 80. This causes problems in DefaultUrlResolver of pac4j's core library:
ContextHelper.isHttps(context) will return true, as it relies on request.secure(), which is filled by Play with correct values from Forwarded headers.
context.getServerPort() will return 80, as it does not take request.secure() or X-Forwarded-Port into account.
Resulting URLs look like https://something.org:80 and this causes obvious problems.
Thanks
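
An added example (not pac4j or play-pac4j code, and not part of the original report) of resolving a port that cannot contradict the secure flag, so a request like the one described yields https://something.org rather than https://something.org:80. The class, its method names and the fromTrustedProxy flag are hypothetical; the flag stands for whatever check confirms the request arrived through a proxy whose forwarded headers are trusted, and header lookup is case-sensitive here for brevity.

```java
import java.util.Map;
import java.util.Optional;

// Added illustration; class, methods and the fromTrustedProxy flag are hypothetical.
public class EffectivePort {

    // Accept only a plain decimal port in 1..65535; anything else is ignored.
    static Optional<Integer> parsePort(String raw) {
        if (raw == null || !raw.matches("\\d{1,5}")) return Optional.empty();
        int p = Integer.parseInt(raw);
        return (p >= 1 && p <= 65535) ? Optional.of(p) : Optional.empty();
    }

    // Index of the ':' that separates host and port, or -1 ("[::1]" has none).
    static int portSeparator(String host) {
        int idx = host.lastIndexOf(':');
        return idx > host.lastIndexOf(']') ? idx : -1;
    }

    // Forwarded port (trusted proxy only), else the Host header port, else the
    // default for the scheme, so the result never contradicts the secure flag.
    static int resolvePort(boolean secure, String host, Map<String, String> headers,
                           boolean fromTrustedProxy) {
        if (fromTrustedProxy) {
            Optional<Integer> forwarded = parsePort(headers.get("X-Forwarded-Port"));
            if (forwarded.isPresent()) return forwarded.get();
        }
        int sep = portSeparator(host);
        Optional<Integer> hostPort = sep < 0 ? Optional.empty() : parsePort(host.substring(sep + 1));
        return hostPort.orElse(secure ? 443 : 80);
    }

    static String baseUrl(boolean secure, String host, Map<String, String> headers,
                          boolean fromTrustedProxy) {
        int port = resolvePort(secure, host, headers, fromTrustedProxy);
        int sep = portSeparator(host);
        String name = sep < 0 ? host : host.substring(0, sep);
        boolean isDefault = port == (secure ? 443 : 80);
        return (secure ? "https" : "http") + "://" + name + (isDefault ? "" : ":" + port);
    }

    public static void main(String[] args) {
        // Constructed requests: (secure, Host header, headers, trusted proxy?)
        Map<String, String> none = Map.of();
        Map<String, String> fwd = Map.of("X-Forwarded-Port", "8443");
        System.out.println(baseUrl(true, "something.org", none, true));
        System.out.println(baseUrl(true, "something.org", fwd, true));
        System.out.println(baseUrl(true, "something.org", fwd, false));
        System.out.println(baseUrl(false, "localhost:9000", none, false));
    }
}
```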