
FIX Director::forceSSL and forceWWW not setting Vary header

If you have a Varnish box in front of a SilverStripe install, and
you call forceSSL, the Vary header wouldn't get sent. As a result,
Varnish would respond with the same redirect response after the
redirect, leading to an infinite loop.
commit c6b4d993cc8b771318c8dc1d522919dd1eb6447f 1 parent ff45f7c
@hafriedlander hafriedlander authored
Showing with 25 additions and 10 deletions.
  1. +22 −7 control/Director.php
  2. +3 −3 control/HTTP.php
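--- a/control/Director.php
+++ b/control/Director.php
@@ -715,6 +715,26 @@ public static function absoluteBaseURLWithAuth() {
 }
 /**
+ * Skip any further processing and immediately respond with a redirect to the passed URL.
+ *
+ * @param string $destURL - The URL to redirect to
+ */
+ protected static function force_redirect($destURL) {
+ $response = new SS_HTTPResponse(
+ "<h1>Your browser is not accepting header redirects</h1>".
+ "<p>Please <a href=\"$destURL\">click here</a>",
+ 301
+ );
+
+ HTTP::add_cache_headers($response);
+ $response->addHeader('Location', $destURL);
+
+ // TODO: Use an exception - ATM we can be called from _config.php, before Director#handleRequest's try block
+ $response->output();
+ die;
+ }
+
+ /**
 * Force the site to run on SSL.
 *
 * To use, call from _config.php. For example:
@@ -782,10 +802,7 @@ public static function forceSSL($patterns = null, $secureDomain = null) {
 if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
 return $destURL;
 } else {
- if(!headers_sent()) header("Location: $destURL");
-
- die("<h1>Your browser is not accepting header redirects</h1>"
- . "<p>Please <a href=\"$destURL\">click here</a>");
+ self::force_redirect($destURL);
 }
 } else {
 return false;
@@ -800,9 +817,7 @@ public static function forceWWW() {
 $destURL = str_replace(Director::protocol(), Director::protocol() . 'www.',
 Director::absoluteURL($_SERVER['REQUEST_URI']));
- header("Location: $destURL", true, 301);
- die("<h1>Your browser is not accepting header redirects</h1>"
- . "<p>Please <a href=\"$destURL\">click here</a>");
+ self::force_redirect($destURL);
 }
 }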
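Review bot: `force_redirect()` interpolates `$destURL` into the fallback HTML body without escaping, and in `forceWWW()` that value is built from `$_SERVER['REQUEST_URI']`, so request-controlled characters can reach the `href` attribute. Escape it for the attribute context where the body is built, e.g. `"<p>Please <a href=\"" . htmlspecialchars($destURL, ENT_QUOTES, 'UTF-8') . "\">click here</a>",`, and keep the raw value only for the `Location` header. Separately, `forceSSL()` previously sent a bare `Location` header (PHP's default 302) and now goes through the hard-coded 301, which browsers and intermediaries may cache long-term; if that change is intended, it deserves a line in the docblock. The bodies of `forceSSL()` and `forceWWW()` start outside their hunks, so how `$destURL` is built in `forceSSL()` cannot be checked from here.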
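--- a/control/HTTP.php
+++ b/control/HTTP.php
@@ -338,11 +338,11 @@ public static function add_cache_headers($body = null) {
 $responseHeaders["Cache-Control"] = "max-age=" . self::$cache_age . ", must-revalidate, no-transform";
 $responseHeaders["Pragma"] = "";
- // To do: User-Agent should only be added in situations where you *are* actually
+ // To do: User-Agent should only be added in situations where you *are* actually
 // varying according to user-agent.
 $responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept';
-
- } else {
+ }
+ else {
 $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
 }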