Bug #54453
Http request does not handle X-Forwarded-Proto headers consistently
Status: | Resolved | Start date: | 2013-12-16 |
---|---|---|---|
Priority: | Should have | Due date: | |
Assigned To: | Bastian Waidelich | % Done: | 100% |
Category: | Http | | |
Target version: | - | | |
PHP Version: | | Complexity: | |
Has patch: | No | Affected Flow version: | (any) |
Description
The Http\Request currently only checks the X-Forwarded-Proto header in isSecure(). But it fails to verify it correctly and it ignores the header when fetching the URI from the current request:
Given:
GET http://acme.com:8080 HTTP/1.1
X-Forwarded-Proto: https
X-Forwarded-Port: 443

(string)$currentHttpRequest->getUri();
EXPECTED: https://acme.com
ACTUAL: http://acme.com:8080
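
A sketch of the consistency the report asks for, as an added example that is not TYPO3 Flow code: scheme, host and port are resolved once, and both the secure flag and the URI are derived from that single result. The function name `effectiveUri()`, the `$trustedProxies` list, the rule that forwarded headers are honoured only from those addresses, and the fallback to the scheme's default port when no X-Forwarded-Port is sent are assumptions of this example.

```php
<?php
// Added illustration, not TYPO3 Flow code.
// effectiveUri() and $trustedProxies are hypothetical names.

/**
 * Resolve scheme, host and port in one place so that an isSecure()-style
 * check and the generated URI cannot disagree about X-Forwarded-* headers.
 */
function effectiveUri(array $server, array $trustedProxies): array
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    $scheme = ($https !== '' && $https !== 'off') ? 'https' : 'http';
    $host = $server['HTTP_HOST'] ?? 'localhost';
    $port = (int)($server['SERVER_PORT'] ?? ($scheme === 'https' ? 443 : 80));
    // Split "acme.com:8080" into host and port.
    if (preg_match('/^(.+):(\d+)$/', $host, $m)) {
        $host = $m[1];
        $port = (int)$m[2];
    }
    // Assumption: forwarded headers count only when the direct peer is a
    // known proxy, because any client can send them.
    if (in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        // Several proxies may append values; the first entry is the outermost.
        $proto = strtolower(trim(explode(',', $server['HTTP_X_FORWARDED_PROTO'] ?? '')[0]));
        if ($proto === 'http' || $proto === 'https') {
            $scheme = $proto;
            // Assumption: without X-Forwarded-Port, use the scheme default.
            $port = ($scheme === 'https') ? 443 : 80;
            $fp = trim($server['HTTP_X_FORWARDED_PORT'] ?? '');
            if (ctype_digit($fp) && (int)$fp >= 1 && (int)$fp <= 65535) {
                $port = (int)$fp;
            }
        }
    }
    $default = ($scheme === 'https') ? 443 : 80;
    $uri = $scheme . '://' . $host . ($port === $default ? '' : ':' . $port);
    return ['uri' => $uri, 'secure' => $scheme === 'https'];
}

// Constructed sample mirroring the request in the report.
$server = [
    'REMOTE_ADDR' => '10.0.0.5', 'HTTP_HOST' => 'acme.com:8080', 'SERVER_PORT' => '8080',
    'HTTP_X_FORWARDED_PROTO' => 'https', 'HTTP_X_FORWARDED_PORT' => '443',
];
var_dump(effectiveUri($server, ['10.0.0.5'])); // peer is a listed proxy
var_dump(effectiveUri($server, []));           // peer is not trusted
```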
Associated revisions
[BUGFIX] Respect X-Forwarded-Proto header consistently
The ``Http\Request`` currently only considers ``X-Forwarded-Proto``
headers in its isSecure() method.
With this change the header is checked in the constructor so that it
overrules the requested protocol if set.
Before::
    GET http://acme.com:8080 HTTP/1.1
    X-Forwarded-Proto: https
    X-Forwarded-Port: 443
Generated URIs like ``http://acme.com:8080``. With this change the
result is ``https://acme.com``.
Change-Id: If12eee73208b29049d543a9563a3b42161b1f024
Fixes: #54453
Releases: 2.0, master
[BUGFIX] Respect X-Forwarded-Proto header consistently
The ``Http\Request`` currently only considers ``X-Forwarded-Proto``
headers in its isSecure() method.
With this change the header is checked in the constructor so that it
overrules the requested protocol if set.
Before::
    GET http://acme.com:8080 HTTP/1.1
    X-Forwarded-Proto: https
    X-Forwarded-Port: 443
Generated URIs like ``http://acme.com:8080``. With this change the
result is ``https://acme.com``.
Change-Id: If12eee73208b29049d543a9563a3b42161b1f024
Fixes: #54453
Releases: 2.0, 2.1, master
History
#1 Updated by Gerrit Code Review over 1 year ago
- Status changed from Accepted to Under Review
Patch set 1 for branch master of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/26450
#2 Updated by Bastian Waidelich over 1 year ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset ca7d52f5f458f8191980ec41f9df21fb495286f1.
#3 Updated by Gerrit Code Review over 1 year ago
- Status changed from Resolved to Under Review
Patch set 1 for branch 2.1 of project Packages/TYPO3.Flow has been pushed to the review server.
It is available at https://review.typo3.org/26868
#4 Updated by Bastian Waidelich about 1 year ago
- Status changed from Under Review to Resolved
Applied in changeset a5c3398363278a2c28fd67f4edca58f448c420a1.