diff options
author | ArthurHoaro <arthur@hoa.ro> | 2017-11-17 19:04:14 +0100 |
---|---|---|
committer | ArthurHoaro <arthur@hoa.ro> | 2017-12-02 15:24:35 +0100 |
commit | 8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a (patch) | |
tree | b2ae47ccad12f412a39b2b34cfa2556ce2ad5658 | |
parent | 844be5d55610f21e078f3325a1e4e20f41e5abb5 (diff) | |
download | Shaarli-8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a.tar.gz Shaarli-8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a.tar.zst Shaarli-8e9fc6f6e6afc052a2c3b2d459764cc9ab20420a.zip |
Force HTTPS if the original port is 443 behind a reverse proxy
Fixes #1022
-rw-r--r-- | application/HttpUtils.php | 7 | ||||
-rw-r--r-- | tests/HttpUtils/ServerUrlTest.php | 32 |
2 files changed, 39 insertions, 0 deletions
diff --git a/application/HttpUtils.php b/application/HttpUtils.php index 00835966..c6181df4 100644 --- a/application/HttpUtils.php +++ b/application/HttpUtils.php | |||
@@ -302,6 +302,13 @@ function server_url($server) | |||
302 | $port = $server['HTTP_X_FORWARDED_PORT']; | 302 | $port = $server['HTTP_X_FORWARDED_PORT']; |
303 | } | 303 | } |
304 | 304 | ||
305 | // This is a workaround for proxies that don't forward the scheme properly. | ||
306 | // Connecting over port 443 has to be in HTTPS. | ||
307 | // See https://github.com/shaarli/Shaarli/issues/1022 | ||
308 | if ($port == '443') { | ||
309 | $scheme = 'https'; | ||
310 | } | ||
311 | |||
305 | if (($scheme == 'http' && $port != '80') | 312 | if (($scheme == 'http' && $port != '80') |
306 | || ($scheme == 'https' && $port != '443') | 313 | || ($scheme == 'https' && $port != '443') |
307 | ) { | 314 | ) { |
diff --git a/tests/HttpUtils/ServerUrlTest.php b/tests/HttpUtils/ServerUrlTest.php index dac02b3e..324b827a 100644 --- a/tests/HttpUtils/ServerUrlTest.php +++ b/tests/HttpUtils/ServerUrlTest.php | |||
@@ -186,4 +186,36 @@ class ServerUrlTest extends PHPUnit_Framework_TestCase | |||
186 | ) | 186 | ) |
187 | ); | 187 | ); |
188 | } | 188 | } |
189 | |||
190 | /** | ||
191 | * Misconfigured server (see #1022): Proxy HTTP but 443 | ||
192 | */ | ||
193 | public function testHttpWithPort433() | ||
194 | { | ||
195 | $this->assertEquals( | ||
196 | 'https://host.tld', | ||
197 | server_url( | ||
198 | array( | ||
199 | 'HTTPS' => 'Off', | ||
200 | 'SERVER_NAME' => 'host.tld', | ||
201 | 'SERVER_PORT' => '80', | ||
202 | 'HTTP_X_FORWARDED_PROTO' => 'http', | ||
203 | 'HTTP_X_FORWARDED_PORT' => '443' | ||
204 | ) | ||
205 | ) | ||
206 | ); | ||
207 | |||
208 | $this->assertEquals( | ||
209 | 'https://host.tld', | ||
210 | server_url( | ||
211 | array( | ||
212 | 'HTTPS' => 'Off', | ||
213 | 'SERVER_NAME' => 'host.tld', | ||
214 | 'SERVER_PORT' => '80', | ||
215 | 'HTTP_X_FORWARDED_PROTO' => 'https, http', | ||
216 | 'HTTP_X_FORWARDED_PORT' => '443, 80' | ||
217 | ) | ||
218 | ) | ||
219 | ); | ||
220 | } | ||
189 | } | 221 | } |