From: ArthurHoaro Date: Sun, 3 Dec 2017 11:46:43 +0000 (+0100) Subject: Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443 X-Git-Tag: v0.9.4~24 X-Git-Url: https://git.immae.eu/?p=github%2Fshaarli%2FShaarli.git;a=commitdiff_plain;h=101b935de4852308a238c04bf5a08d01a6ebe45c;hp=877491b4ad0a6a9119e667901cef40cc56116901 Merge pull request #1025 from ArthurHoaro/hotfix/proxy-443 Force HTTPS if the original port is 443 behind a reverse proxy --- diff --git a/application/HttpUtils.php b/application/HttpUtils.php index ec54dcd4..c9371b55 100644 --- a/application/HttpUtils.php +++ b/application/HttpUtils.php @@ -302,6 +302,13 @@ function server_url($server) $port = $server['HTTP_X_FORWARDED_PORT']; } + // This is a workaround for proxies that don't forward the scheme properly. + // Connecting over port 443 has to be in HTTPS. + // See https://github.com/shaarli/Shaarli/issues/1022 + if ($port == '443') { + $scheme = 'https'; + } + if (($scheme == 'http' && $port != '80') || ($scheme == 'https' && $port != '443') ) { diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php index dac02b3e..324b827a 100644 --- a/tests/HttpUtils/ServerUrlTest.php +++ b/tests/HttpUtils/ServerUrlTest.php @@ -186,4 +186,36 @@ class ServerUrlTest extends PHPUnit_Framework_TestCase ) ); } + + /** + * Misconfigured server (see #1022): Proxy HTTP but 443 + */ + public function testHttpWithPort433() + { + $this->assertEquals( + 'https://host.tld', + server_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'HTTP_X_FORWARDED_PROTO' => 'http', + 'HTTP_X_FORWARDED_PORT' => '443' + ) + ) + ); + + $this->assertEquals( + 'https://host.tld', + server_url( + array( + 'HTTPS' => 'Off', + 'SERVER_NAME' => 'host.tld', + 'SERVER_PORT' => '80', + 'HTTP_X_FORWARDED_PROTO' => 'https, http', + 'HTTP_X_FORWARDED_PORT' => '443, 80' + ) + ) + ); + } }