author | Thomas Steur <tsteur@users.noreply.github.com> | 2016-07-14 04:46:33 +0300 |
---|---|---|
committer | Matthieu Aubry <mattab@users.noreply.github.com> | 2016-07-14 04:46:33 +0300 |
commit | e2baedc4f8e20df5f9ccf78d465e1c95bb9efa98 (patch) | |
tree | 8809cbb78710e4072c121aa8f85960790ef0bb84 | |
parent | 7b7df7441774ee1989633bb7b3112e0294f921aa (diff) |
make sure we prefer forwarded proto header over regular header (#10081)
-rw-r--r-- | core/Url.php | 4 | ||||
-rw-r--r-- | tests/PHPUnit/Unit/UrlTest.php | 37 |
2 files changed, 41 insertions, 0 deletions
diff --git a/core/Url.php b/core/Url.php index 2a301a9b46..a0d480da33 100644 --- a/core/Url.php +++ b/core/Url.php @@ -711,6 +711,10 @@ class Url */ protected static function getCurrentSchemeFromRequestHeader() { + if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'http') { + return 'http'; + } + if ((isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] === true)) || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') ) { diff --git a/tests/PHPUnit/Unit/UrlTest.php b/tests/PHPUnit/Unit/UrlTest.php index 6f9c50d614..bb4a2ab1ba 100644 --- a/tests/PHPUnit/Unit/UrlTest.php +++ b/tests/PHPUnit/Unit/UrlTest.php @@ -73,6 +73,43 @@ class UrlTest extends \PHPUnit_Framework_TestCase } /** + * @dataProvider getProtocol + */ + public function test_getCurrentScheme_ProtoHeaderShouldPrecedenceHttpsHeader($proto) + { + $_SERVER['HTTPS'] = 'on'; + $_SERVER['HTTP_X_FORWARDED_PROTO'] = $proto; + $this->assertEquals($proto, Url::getCurrentScheme()); + + unset($_SERVER['HTTP_X_FORWARDED_PROTO']); + unset($_SERVER['HTTPS']); + } + + /** + * @dataProvider getProtocol + */ + public function test_getCurrentScheme_shouldDetectSecureFromHttpsHeader() + { + $_SERVER['HTTPS'] = 'on'; + $this->assertEquals('https', Url::getCurrentScheme()); + + unset($_SERVER['HTTPS']); + } + + /** + * @dataProvider getProtocol + */ + public function test_getCurrentScheme_shouldBeHttpByDefault() + { + $this->assertEquals('http', Url::getCurrentScheme()); + } + + public function getProtocol() + { + return array(array('http'), array('https')); + } + + /** * Dataprovider for testIsLocalUrl */ public function getLocalUrls() |
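Review bot: The new early return in `getCurrentSchemeFromRequestHeader()` lets a request header override the server's own `$_SERVER['HTTPS']` value, and `X-Forwarded-Proto` is client-supplied unless a trusted reverse proxy strips or overwrites it. On a deployment that terminates TLS itself, a request that arrived over HTTPS but carries `X-Forwarded-Proto: http` is now reported as `http`, which presumably flows into the URLs and redirects built from `getCurrentScheme()`. I would honour the header only behind a configured trusted proxy, e.g. `if ($behindTrustedProxy && isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ...)`, where `$behindTrustedProxy` is a placeholder for whatever proxy setting the project has, and add the comment `// X-Forwarded-Proto is only trustworthy when set by our own proxy`. The comparison is also an exact, case-sensitive match, so a value such as `HTTP` or a comma-separated list from chained proxies falls through to the `HTTPS` check. The method body continues past the end of the hunk.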
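Review bot: The `unset($_SERVER[...])` cleanup at the end of the first two tests never runs when the assertion before it fails, so `$_SERVER['HTTPS']` and `$_SERVER['HTTP_X_FORWARDED_PROTO']` leak into later tests, and `test_getCurrentScheme_shouldBeHttpByDefault()` depends on both being absent. Resetting them in the class's `setUp()`/`tearDown()` (not visible in this hunk) with `unset($_SERVER['HTTPS'], $_SERVER['HTTP_X_FORWARDED_PROTO']);` would make each case independent. `@dataProvider getProtocol` on `shouldDetectSecureFromHttpsHeader` and `shouldBeHttpByDefault` feeds a parameter neither method declares, so each simply runs twice; the annotation can be dropped there. A case with `HTTPS` unset and the header set to `https`, and one with an unexpected header value, would pin down the rest of the precedence rules.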