Permalink
Browse files

Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443

Force HTTPS if the original port is 443 behind a reverse proxy
  • Loading branch information...
ArthurHoaro committed Dec 3, 2017
2 parents 877491b + 8e9fc6f commit 101b935de4852308a238c04bf5a08d01a6ebe45c
Showing with 39 additions and 0 deletions.
  1. +7 −0 application/HttpUtils.php
  2. +32 −0 tests/HttpUtils/ServerUrlTest.php
@@ -302,6 +302,13 @@ function server_url($server)
$port = $server['HTTP_X_FORWARDED_PORT'];
}
// This is a workaround for proxies that don't forward the scheme properly.
// Connecting over port 443 has to be in HTTPS.
// See https://github.com/shaarli/Shaarli/issues/1022
if ($port == '443') {
$scheme = 'https';
}
if (($scheme == 'http' && $port != '80')
|| ($scheme == 'https' && $port != '443')
) {
@@ -186,4 +186,36 @@ public function testStandardHttpsPort()
)
);
}
/**
* Misconfigured server (see #1022): Proxy HTTP but 443
*/
public function testHttpWithPort433()
{
$this->assertEquals(
'https://host.tld',
server_url(
array(
'HTTPS' => 'Off',
'SERVER_NAME' => 'host.tld',
'SERVER_PORT' => '80',
'HTTP_X_FORWARDED_PROTO' => 'http',
'HTTP_X_FORWARDED_PORT' => '443'
)
)
);
$this->assertEquals(
'https://host.tld',
server_url(
array(
'HTTPS' => 'Off',
'SERVER_NAME' => 'host.tld',
'SERVER_PORT' => '80',
'HTTP_X_FORWARDED_PROTO' => 'https, http',
'HTTP_X_FORWARDED_PORT' => '443, 80'
)
)
);
}
}

0 comments on commit 101b935

Please sign in to comment.