Fix #15621 - Support CloudFront-Forwarded-Proto header

Signed-off-by: William Desportes <williamdes@wdes.fr>
phpmyadmin · Dec 9, 2019 · fd2b172 · fd2b172
1 parent b3c28b8
commit fd2b172
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 10 deletions.
diff --git a/libraries/classes/Config.php b/libraries/classes/Config.php
@@ -1340,6 +1340,9 @@ public function isHttps()
             $is_https = true;
         } elseif (strtolower(Core::getenv('HTTP_X_FORWARDED_PROTO')) == 'https') {
             $is_https = true;
+        } elseif (strtolower(Core::getenv('HTTP_CLOUDFRONT_FORWARDED_PROTO')) === 'https') {
+            // Amazon CloudFront, issue #15621
+            $is_https = true;
         } elseif (Core::getenv('SERVER_PORT') == 443) {
             $is_https = true;
         }

diff --git a/test/classes/ConfigTest.php b/test/classes/ConfigTest.php
@@ -550,17 +550,19 @@ public function testGetSetSource()
      *
      * @dataProvider httpsParams
      */
-    public function testIsHttps($scheme, $https, $uri, $lb, $front, $proto, $port, $expected)
+    public function testIsHttps($scheme, $https, $uri, $lb, $front, $proto, $protoCloudFront, $pmaAbsoluteUri, $port, $expected)
     {
         $_SERVER['HTTP_SCHEME'] = $scheme;
         $_SERVER['HTTPS'] = $https;
         $_SERVER['REQUEST_URI'] = $uri;
         $_SERVER['HTTP_HTTPS_FROM_LB'] = $lb;
         $_SERVER['HTTP_FRONT_END_HTTPS'] = $front;
         $_SERVER['HTTP_X_FORWARDED_PROTO'] = $proto;
+        $_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] = $protoCloudFront;
         $_SERVER['SERVER_PORT'] = $port;
 
         $this->object->set('is_https', null);
+        $this->object->set('PmaAbsoluteUri', $pmaAbsoluteUri);
         $this->assertEquals($expected, $this->object->isHttps());
     }
 
@@ -572,15 +574,21 @@ public function testIsHttps($scheme, $https, $uri, $lb, $front, $proto, $port, $
     public function httpsParams()
     {
         return array(
-            array('http', '', '', '', '', 'http', 80, false),
-            array('http', '', 'http://', '', '', 'http', 80, false),
-            array('http', '', '', '', '', 'http', 443, true),
-            array('http', '', '', '', '', 'https', 80, true),
-            array('http', '', '', '', 'on', 'http', 80, true),
-            array('http', '', '', 'on', '', 'http', 80, true),
-            array('http', '', 'https://', '', '', 'http', 80, true),
-            array('http', 'on', '', '', '', 'http', 80, true),
-            array('https', '', '', '', '', 'http', 80, true),
+            array('http', '', '', '', '', 'http', '', '', 80, false),
+            array('http', '', 'http://', '', '', 'http', '', '', 80, false),
+            array('http', '', '', '', '', 'http', '', '', 443, true),
+            array('http', '', '', '', '', 'https', '', '', 80, true),
+            array('http', '', '', '', 'on', 'http', '', '', 80, true),
+            array('http', '', '', 'on', '', 'http', '', '', 80, true),
+            array('http', '', 'https://', '', '', 'http', '', '', 80, true),
+            array('http', 'on', '', '', '', 'http', '', '', 80, true),
+            array('https', '', '', '', '', 'http', '', '', 80, true),
+            array('http', '', '', '', '', '', 'https', '', 80, true),
+            array('http', '', '', '', '', 'https', 'http', '', 80, true),
+            array('https', '', '', '', '', '', '', '', 80, true),
+            array('http', '', '', '', '', '', '', '', 8080, false),
+            array('', '', '', '', '', '', '', 'https://127.0.0.1', 80, true),
+            array('', '', '', '', '', '', '', 'http://127.0.0.1', 80, false),
         );
     }