aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorArthurHoaro <arthur@hoa.ro>2017-11-17 19:04:14 +0100
committerArthurHoaro <arthur@hoa.ro>2017-12-02 15:24:35 +0100
commit8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a (patch)
treeb2ae47ccad12f412a39b2b34cfa2556ce2ad5658
parent844be5d55610f21e078f3325a1e4e20f41e5abb5 (diff)
downloadShaarli-8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a.tar.gz
Shaarli-8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a.tar.zst
Shaarli-8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a.zip
Force HTTPS if the original port is 443 behind a reverse proxy
Fixes #1022
-rw-r--r--application/HttpUtils.php7
-rw-r--r--tests/HttpUtils/ServerUrlTest.php32
2 files changed, 39 insertions, 0 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php
index 00835966..c6181df4 100644
--- a/application/HttpUtils.php
+++ b/application/HttpUtils.php
@@ -302,6 +302,13 @@ function server_url($server)
302 $port = $server['HTTP_X_FORWARDED_PORT']; 302 $port = $server['HTTP_X_FORWARDED_PORT'];
303 } 303 }
304 304
305 // This is a workaround for proxies that don't forward the scheme properly.
306 // Connecting over port 443 has to be in HTTPS.
307 // See https://github.com/shaarli/Shaarli/issues/1022
308 if ($port == '443') {
309 $scheme = 'https';
310 }
311
305 if (($scheme == 'http' && $port != '80') 312 if (($scheme == 'http' && $port != '80')
306 || ($scheme == 'https' && $port != '443') 313 || ($scheme == 'https' && $port != '443')
307 ) { 314 ) {
diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php
index dac02b3e..324b827a 100644
--- a/tests/HttpUtils/ServerUrlTest.php
+++ b/tests/HttpUtils/ServerUrlTest.php
@@ -186,4 +186,36 @@ class ServerUrlTest extends PHPUnit_Framework_TestCase
186 ) 186 )
187 ); 187 );
188 } 188 }
189
190 /**
191 * Misconfigured server (see #1022): Proxy HTTP but 443
192 */
193 public function testHttpWithPort433()
194 {
195 $this->assertEquals(
196 'https://host.tld',
197 server_url(
198 array(
199 'HTTPS' => 'Off',
200 'SERVER_NAME' => 'host.tld',
201 'SERVER_PORT' => '80',
202 'HTTP_X_FORWARDED_PROTO' => 'http',
203 'HTTP_X_FORWARDED_PORT' => '443'
204 )
205 )
206 );
207
208 $this->assertEquals(
209 'https://host.tld',
210 server_url(
211 array(
212 'HTTPS' => 'Off',
213 'SERVER_NAME' => 'host.tld',
214 'SERVER_PORT' => '80',
215 'HTTP_X_FORWARDED_PROTO' => 'https, http',
216 'HTTP_X_FORWARDED_PORT' => '443, 80'
217 )
218 )
219 );
220 }
189} 221}