bitPickups/friendica_2019-12_sharedHosting_hotFix
1
1
Fork 0
Code Pull requests Activity

Enable SSL on standard and well-known HTTP headers

Browse source 
Look for the `Forwarded` header with `proto=https`, as specified
in RFC7239 (strictly expecting no whitespace around the = sign).
This also add similar support for `X-Forwarded-Proto: https`,
`Front-End-Https: on` and `X-Forwarded-Ssl: on` (all case-sensitive).

Also add some documentation about this, and an NginX configuration
example, in INSTALL.txt

This should fix #757.

Signed-off-by: Olivier Mehani <shtrom+friendica@ssji.net>
This commit is contained in:
Olivier Mehani 2016-02-09 10:04:48 +00:00 committed by Olivier Mehani
commit e5c7a0cf93
2 changed files with 38 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
boot.php
View file

@ -582,10 +582,15 @@ class App {
$this->scheme = 'http';
if(x($_SERVER,'HTTPS') && $_SERVER['HTTPS'])
$this->scheme = 'https';
elseif(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443))
if((x($_SERVER,'HTTPS') && $_SERVER['HTTPS']) ||
(x($_SERVER['HTTP_FORWARDED']) && preg_match("/proto=https/", $_SERVER['HTTP_FORWARDED'])) ||
(x($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ||
(x($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] == 'on') ||
(x($_SERVER['FRONT_END_HTTPS']) && $_SERVER['FRONT_END_HTTPS'] == 'on') ||
(x($_SERVER,'SERVER_PORT') && (intval($_SERVER['SERVER_PORT']) == 443)) // XXX: reasonable assumption, but isn't this hardcoding too much?
) {
$this->scheme = 'https';
}
if(x($_SERVER,'SERVER_NAME')) {
$this->hostname = $_SERVER['SERVER_NAME'];