diogo/symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[HttpFoundation] Header HTTP_X_FORWARDED_PROTO can contain various values

Browse Source 
Some proxies use `ssl` instead of `https`, as well as Lighttpd mod_proxy allows
value chaining (`https, http`, where `https` is always first when request is encrypted).
This commit is contained in:
Joseph Bielawski 2013-09-23 10:18:01 +02:00
parent 55560e0590
commit d997443ab0
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Symfony/Component/HttpFoundation/Request.php
View File

@ -1066,7 +1066,7 @@ class Request
public function isSecure()
{
if (self::$trustProxy && self::$trustedHeaders[self::HEADER_CLIENT_PROTO] && $proto = $this->headers->get(self::$trustedHeaders[self::HEADER_CLIENT_PROTO])) {
return in_array(strtolower($proto), array('https', 'on', '1'));
return in_array(strtolower(current(explode(',', $proto))), array('https', 'on', 'ssl', '1'));
}
return 'on' == strtolower($this->server->get('HTTPS')) || 1 == $this->server->get('HTTPS');

7
src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
View File

@ -1438,6 +1438,13 @@ class RequestTest extends \PHPUnit_Framework_TestCase
$this->assertEquals(443, $request->getPort());
$this->assertTrue($request->isSecure());
// check various X_FORWARDED_PROTO header values
$request->headers->set('X_FORWARDED_PROTO', 'ssl');
$this->assertTrue($request->isSecure());
$request->headers->set('X_FORWARDED_PROTO', 'https, http');
$this->assertTrue($request->isSecure());
// custom header names
Request::setTrustedHeaderName(Request::HEADER_CLIENT_IP, 'X_MY_FOR');
Request::setTrustedHeaderName(Request::HEADER_CLIENT_HOST, 'X_MY_HOST');