From c361f798795446512fe3161ac25aab50f02764eb Mon Sep 17 00:00:00 2001 From: brywaters Date: Wed, 1 Jun 2016 16:11:54 -0500 Subject: [PATCH 01/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Add code for SSL header handling in varnish.vcl, coordinate with setting of SSL offloading header - Change default SSL offloading header from Magento1 SSL-OFFLOADED to defacto standard 'X-Forwarded-Proto: https' - Move isSecure and getSchema implementations from Framework/App/Request/Http to HTTP/PhpEnvironment/Request to make consistent across application - Force esi includes to go over http because Varnish does not support https esi includes --- app/code/Magento/PageCache/Model/Config.php | 7 +- .../Observer/ProcessLayoutRenderElement.php | 2 + app/code/Magento/PageCache/etc/varnish3.vcl | 7 ++ app/code/Magento/PageCache/etc/varnish4.vcl | 6 +- app/code/Magento/Store/etc/config.xml | 2 +- .../Webapi/Test/Unit/Controller/SoapTest.php | 13 ++++ .../Magento/Store/Model/StoreTest.php | 6 +- .../Magento/Framework/App/Request/Http.php | 62 ++-------------- .../App/Test/Unit/Request/HttpTest.php | 19 +++-- .../Framework/HTTP/PhpEnvironment/Request.php | 72 ++++++++++++++++++- .../Magento/Framework/Test/Unit/UrlTest.php | 1 + 11 files changed, 126 insertions(+), 71 deletions(-) diff --git a/app/code/Magento/PageCache/Model/Config.php b/app/code/Magento/PageCache/Model/Config.php index 729da5f73f45c..ea84699216d55 100644 --- a/app/code/Magento/PageCache/Model/Config.php +++ b/app/code/Magento/PageCache/Model/Config.php 
@@ -147,7 +147,12 @@ protected function _getReplacements() \Magento\Store\Model\ScopeInterface::SCOPE_STORE ), '/* {{ ips }} */' => $this->_getAccessList(), - '/* {{ design_exceptions_code }} */' => $this->_getDesignExceptions() + '/* {{ design_exceptions_code }} */' => $this->_getDesignExceptions(), + //X_FORWARDED_PROTO will be $SERVER['HTTP_X_FORWARDED_PROTO'] and `X-Forwarded-Proto: https` in actual http headers + '/* {{ ssl_offloaded_header }} */' => str_replace("_", "-",$this->_scopeConfig->getValue( + \Magento\Framework\HTTP\PhpEnvironment\Request::XML_PATH_OFFLOADER_HEADER, + \Magento\Store\Model\ScopeInterface::SCOPE_STORE)) + ]; } diff --git a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php index f811e0386b56c..84d7c20eb6981 100644 --- a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php +++ b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php @@ -59,6 +59,8 @@ protected function _wrapEsi( 'handles' => json_encode($layout->getUpdate()->getHandles()) ] ); + //Varnish does not support esi over https must change to http + $url = (substr($url, 0, 5) === "https")? 'http' . substr($url, 5) : $url; return sprintf('', $url); } diff --git a/app/code/Magento/PageCache/etc/varnish3.vcl b/app/code/Magento/PageCache/etc/varnish3.vcl index 70a56aa46f052..219548f2eea89 100644 --- a/app/code/Magento/PageCache/etc/varnish3.vcl +++ b/app/code/Magento/PageCache/etc/varnish3.vcl @@ -1,5 +1,7 @@ import std; # The minimal Varnish version is 3.0.5 +# To handle offloaded ssl pass in the following http header: '/* {{ ssl_offloaded_header }} */: https' + backend default { .host = "/* {{ host }} */"; 
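Review bot: The header name read from `web/secure/offloader_header` is substituted verbatim into `req.http.<name>` in the generated VCL through the new `'/* {{ ssl_offloaded_header }} */'` entry, so any character outside the HTTP token set in that admin setting yields a VCL that no longer compiles, and nothing in this hunk constrains the value. Restrict it before substitution, e.g. `$header = str_replace('_', '-', (string)$this->_scopeConfig->getValue(...));` followed by `'/* {{ ssl_offloaded_header }} */' => preg_replace('/[^A-Za-z0-9-]/', '', $header),`. The added comment also names `$SERVER['HTTP_X_FORWARDED_PROTO']`; the superglobal is `$_SERVER`, and the rewritten comment in PATCH 07 repeats the typo. `_getReplacements()` begins outside the hunk.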
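Review bot: The scheme test on the new `$url = (substr($url, 0, 5) === "https") ? ...` line in `_wrapEsi()` compares only the first five characters rather than the full `https://` prefix, and a ternary that assigns `$url` back to itself hides a plain conditional; `if (strpos($url, 'https://') === 0) { $url = 'http' . substr($url, 5); }` says the same thing directly (the reformatting in PATCH 04 and PATCH 07 keeps the five-character test). The comment should also record why downgrading the scheme is acceptable here — the fragment is fetched by Varnish from the backend, presumably over the internal network rather than the client connection — e.g. `// Varnish fetches ESI fragments from the backend itself and cannot do so over https, so rewrite the scheme`. `_wrapEsi()` begins outside the hunk.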
@@ -61,6 +63,7 @@ sub vcl_recv { # static files are always cacheable. remove SSL flag and cookie if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") { unset req.http.Https; + unset req.http./* {{ ssl_offloaded_header }} */ unset req.http.Cookie; } @@ -73,6 +76,10 @@ sub vcl_hash { if (req.http.cookie ~ "X-Magento-Vary=") { hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1")); } + + if (req.http./* {{ ssl_offloaded_header }} */) { + hash_data(req.http./* {{ ssl_offloaded_header }} */); + } /* {{ design_exceptions_code }} */ } diff --git a/app/code/Magento/PageCache/etc/varnish4.vcl b/app/code/Magento/PageCache/etc/varnish4.vcl index e3949fa8c62e0..4ba50d8f0a3de 100644 --- a/app/code/Magento/PageCache/etc/varnish4.vcl +++ b/app/code/Magento/PageCache/etc/varnish4.vcl @@ -2,6 +2,7 @@ vcl 4.0; import std; # The minimal Varnish version is 4.0 +# To handle offloaded ssl pass in the following http header: '/* {{ ssl_offloaded_header }} */: https' backend default { .host = "/* {{ host }} */"; @@ -74,6 +75,7 @@ sub vcl_recv { # static files are always cacheable. remove SSL flag and cookie if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") { unset req.http.Https; + unset req.http./* {{ ssl_offloaded_header }} */ unset req.http.Cookie; } @@ -93,8 +95,8 @@ sub vcl_hash { } # To make sure http users don't see ssl warning - if (req.http.X-Forwarded-Proto) { - hash_data(req.http.X-Forwarded-Proto); + if (req.http./* {{ ssl_offloaded_header }} */) { + hash_data(req.http./* {{ ssl_offloaded_header }} */); } /* {{ design_exceptions_code }} */ } diff --git a/app/code/Magento/Store/etc/config.xml b/app/code/Magento/Store/etc/config.xml index cf3abe126ea08..a63aadc8cd63c 100644 --- a/app/code/Magento/Store/etc/config.xml +++ b/app/code/Magento/Store/etc/config.xml 
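Review bot: `hash_data(req.http./* {{ ssl_offloaded_header }} */)` in the new `vcl_hash` blocks of varnish3.vcl and varnish4.vcl keys the cache on whatever value the request carries in that header, so every distinct value a client sends becomes a separate cache object, and a header the TLS terminator did not set still reaches the backend, which treats it as proof of HTTPS. Normalise it in `vcl_recv` before hashing, e.g. `if (req.http./* {{ ssl_offloaded_header }} */ != "https") { unset req.http./* {{ ssl_offloaded_header }} */; }`, and extend the comment added at the top of both files to say the proxy must set or overwrite this header on every request rather than forward a client-supplied one.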
@@ -76,7 +76,7 @@ {{secure_base_url}} 0 0 - SSL_OFFLOADED + X_FORWARDED_PROTO 0 diff --git a/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php b/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php index 32b2bfdcf352a..dd93b79f4e3dc 100644 --- a/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php +++ b/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php @@ -49,12 +49,16 @@ class SoapTest extends \PHPUnit_Framework_TestCase */ protected $_appStateMock; + + protected $_appconfig; /** * Set up Controller object. */ protected function setUp() { parent::setUp(); + + $objectManagerHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this); $this->_soapServerMock = $this->getMockBuilder('Magento\Webapi\Model\Soap\Server') ->disableOriginalConstructor() @@ -95,6 +99,15 @@ protected function setUp() ->method('getHeaders') ->will($this->returnValue(new \Zend\Http\Headers())); + $appconfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false); + $objectManagerHelper->setBackwardCompatibleProperty( + $this->_requestMock, + '_appconfig', + $appconfig + ); + + + $this->_soapServerMock->expects($this->any())->method('setWSDL')->will($this->returnSelf()); $this->_soapServerMock->expects($this->any())->method('setEncoding')->will($this->returnSelf()); $this->_soapServerMock->expects($this->any())->method('setReturnResponse')->will($this->returnSelf()); diff --git a/dev/tests/integration/testsuite/Magento/Store/Model/StoreTest.php b/dev/tests/integration/testsuite/Magento/Store/Model/StoreTest.php index 8be53da3b14d2..1b34a887f2052 100644 --- a/dev/tests/integration/testsuite/Magento/Store/Model/StoreTest.php +++ b/dev/tests/integration/testsuite/Magento/Store/Model/StoreTest.php 
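Review bot: The new `protected $_appconfig;` property on `SoapTest` is never written in either hunk — the mock is kept in the local `$appconfig` and injected directly — and, unlike the neighbouring `$_appStateMock`, it has no docblock. Either drop the property or assign the mock to it and document it with `/** @var \Magento\Framework\App\Config|\PHPUnit_Framework_MockObject_MockObject */`. The run of blank lines added around the injection block is also out of step with the rest of `setUp()`, which continues outside the hunk.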
@@ -372,7 +372,7 @@ public function isUseStoreInUrlDataProvider() * * @param bool $expected * @param array $serverValues - * @magentoConfigFixture current_store web/secure/offloader_header SSL_OFFLOADED + * @magentoConfigFixture current_store web/secure/offloader_header X_FORWARDED_PROTO * @magentoConfigFixture current_store web/secure/base_url https://example.com:80 */ public function testIsCurrentlySecure($expected, $serverValues) @@ -391,8 +391,8 @@ public function isCurrentlySecureDataProvider() { return [ [true, ['HTTPS' => 'on']], - [true, ['SSL_OFFLOADED' => 'https']], - [true, ['HTTP_SSL_OFFLOADED' => 'https']], + [true, ['X_FORWARDED_PROTO' => 'https']], + [true, ['HTTP_X_FORWARDED_PROTO' => 'https']], [true, ['HTTPS' => 'on', 'SERVER_PORT' => 80]], [false, ['SERVER_PORT' => 80]], [false, []], diff --git a/lib/internal/Magento/Framework/App/Request/Http.php b/lib/internal/Magento/Framework/App/Request/Http.php index 2bb5380be937a..feb9e40a3db11 100644 --- a/lib/internal/Magento/Framework/App/Request/Http.php +++ b/lib/internal/Magento/Framework/App/Request/Http.php @@ -5,7 +5,6 @@ */ namespace Magento\Framework\App\Request; -use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\App\RequestInterface; use Magento\Framework\App\RequestSafetyInterface; use Magento\Framework\App\Route\ConfigInterface\Proxy as ConfigInterface; 
@@ -318,16 +317,14 @@ public function getDistroBaseUrl() { $headerHttpHost = $this->getServer('HTTP_HOST'); $headerHttpHost = $this->converter->cleanString($headerHttpHost); - $headerServerPort = $this->getServer('SERVER_PORT'); $headerScriptName = $this->getServer('SCRIPT_NAME'); - $headerHttps = $this->getServer('HTTPS'); if (isset($headerScriptName) && isset($headerHttpHost)) { - $secure = !empty($headerHttps) - && $headerHttps != 'off' - || isset($headerServerPort) - && $headerServerPort == '443'; - $scheme = ($secure ? 'https' : 'http') . '://'; + if($secure = $this->isSecure()){ + $scheme = 'https://'; + } else { + $scheme = 'http://'; + } $hostArr = explode(':', $headerHttpHost); $host = $hostArr[0]; @@ -403,29 +400,7 @@ public function __sleep() return []; } - /** - * {@inheritdoc} - * - * @return bool - */ - public function isSecure() - { - if ($this->immediateRequestSecure()) { - return true; - } - /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not - installed MAGETWO-31756 */ - // Check if a proxy sent a header indicating an initial secure request - $config = $this->objectManager->get('Magento\Framework\App\Config'); - $offLoaderHeader = trim( - (string)$config->getValue( - self::XML_PATH_OFFLOADER_HEADER, - ScopeConfigInterface::SCOPE_TYPE_DEFAULT - ) - ); - - return $this->initialRequestSecure($offLoaderHeader); - } + /** * {@inheritdoc} 
@@ -442,28 +417,5 @@ public function isSafeMethod() return $this->isSafeMethod; } - /** - * Checks if the immediate request is delivered over HTTPS - * - * @return bool - */ - protected function immediateRequestSecure() - { - $https = $this->getServer('HTTPS'); - return !empty($https) && ($https != 'off'); - } - - /** - * In case there is a proxy server, checks if the initial request to the proxy was delivered over HTTPS - * - * @param string $offLoaderHeader - * @return bool - */ - protected function initialRequestSecure($offLoaderHeader) - { - $header = $this->getServer($offLoaderHeader); - $httpHeader = $this->getServer('HTTP_' . $offLoaderHeader); - return !empty($offLoaderHeader) - && (isset($header) && ($header === 'https') || isset($httpHeader) && ($httpHeader === 'https')); - } + } diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php index 1dd2e50fd8334..fecb39bbc6534 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php +++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php @@ -77,10 +77,10 @@ public function tearDown() /** * @return \Magento\Framework\App\Request\Http */ - private function getModel($uri = null) + private function getModel($uri = null, $mockAppConfig = true) { $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this); - return $testFrameworkObjectManager->getObject( + $model = $testFrameworkObjectManager->getObject( 'Magento\Framework\App\Request\Http', [ 'routeConfig' => $this->_routerListMock, @@ -90,6 +90,13 @@ private function getModel($uri = null) 'uri' => $uri, ] ); + + if($mockAppConfig){ + $MockAppConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false); + $testFrameworkObjectManager->setBackwardCompatibleProperty($model, '_appconfig', $MockAppConfig ); + } + + return $model; } public function testGetOriginalPathInfoWithTestUri() 
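Review bot: In the new block in `getModel()`, the mock is held in `$MockAppConfig`, a StudlyCaps local that differs from the `bool` parameter `$mockAppConfig` only by case and is easy to misread; name it `$appConfigMock`. The condition also needs PSR-2 spacing, `if ($mockAppConfig) {`, and the `setBackwardCompatibleProperty($model, '_appconfig', $MockAppConfig )` call has a stray space before `)`.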
@@ -329,7 +336,7 @@ public function serverVariablesProvider() */ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $headerOffloadValue, $configCall) { - $this->_model = $this->getModel(); + $this->_model = $this->getModel(null, false); $configOffloadHeader = 'Header-From-Proxy'; $configMock = $this->getMockBuilder('Magento\Framework\App\Config') ->disableOriginalConstructor() @@ -339,10 +346,8 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header ->method('getValue') ->with(\Magento\Framework\App\Request\Http::XML_PATH_OFFLOADER_HEADER, ScopeConfigInterface::SCOPE_TYPE_DEFAULT) ->willReturn($configOffloadHeader); - $this->objectManager->expects($this->exactly($configCall)) - ->method('get') - ->with('Magento\Framework\App\Config') - ->will($this->returnValue($configMock)); + $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this); + $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"_appconfig" ,$configMock); $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue); $this->_model->getServer()->set('HTTPS', $serverHttps); diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index 562346560c0b8..a5c7fab7b77c4 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php @@ -22,6 +22,9 @@ class Request extends \Zend\Http\PhpEnvironment\Request const SCHEME_HTTPS = 'https'; /**#@-*/ + // Configuration path + const XML_PATH_OFFLOADER_HEADER = 'web/secure/offloader_header'; + /** * @var string */ @@ -85,6 +88,12 @@ class Request extends \Zend\Http\PhpEnvironment\Request */ protected $converter; + /** + * @var /Magento/Framework/App/Config + */ + protected $_appconfig; + + /** * @param CookieReaderInterface $cookieReader * @param StringUtils $converter 
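Review bot: Removing the `$this->objectManager->expects($this->exactly($configCall))` expectation in `testIsSecure()` leaves the `$configCall` parameter unused, so the test no longer checks that configuration is consulted only when the `HTTPS` variable is inconclusive, while `isSecureDataProvider()` (rewritten in PATCH 04) still carries that column. Either move the expectation onto the config mock, `$configMock->expects($this->exactly($configCall))->method('getValue')`, or drop the column from the provider and the method signature. `testIsSecure()` continues outside the hunk.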
@@ -364,7 +373,7 @@ public function clearParams() */ public function getScheme() { - return ($this->getServer('HTTPS') == 'on') ? self::SCHEME_HTTPS : self::SCHEME_HTTP; + return ($this->isSecure())? self::SCHEME_HTTPS : self::SCHEME_HTTP; } /** 
@@ -396,7 +405,66 @@ public function isDispatched() */ public function isSecure() { - return ($this->getScheme() == self::SCHEME_HTTPS); + if ($this->immediateRequestSecure()) { + return true; + } + /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not + installed MAGETWO-31756 */ + // Check if a proxy sent a header indicating an initial secure request + $config = $this->getAppConfig(); + $offLoaderHeader = trim( + (string)$config->getValue( + self::XML_PATH_OFFLOADER_HEADER, + \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT + ) + ); + + return $this->initialRequestSecure($offLoaderHeader); + } + + /** + * Create an instance of Magento\Framework\App\Config + * + * @return \Magento\Framework\App\Config + * + * @deprecated + */ + private function getAppConfig(){ + if ($this->_appconfig == null){ + $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); + $this->_appconfig = $objectManager->get('Magento\Framework\App\Config'); + } + + return $this->_appconfig; + + } + + + /** + * Checks if the immediate request is delivered over HTTPS + * + * @return bool + */ + protected function immediateRequestSecure() + { + $https = $this->getServer('HTTPS'); + $headerServerPort = $this->getServer('SERVER_PORT'); + return !empty($https) && ($https != 'off') || (isset($headerServerPort) && $headerServerPort == "443"); + } + + + /** + * In case there is a proxy server, checks if the initial request to the proxy was delivered over HTTPS + * + * @param string $offLoaderHeader + * @return bool + */ + protected function initialRequestSecure($offLoaderHeader) + { + $header = $this->getServer($offLoaderHeader); + $httpHeader = $this->getServer('HTTP_' . $offLoaderHeader); + return !empty($offLoaderHeader) + && (isset($header) && ($header === 'https') || isset($httpHeader) && ($httpHeader === 'https')); } /** 
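Review bot: `initialRequestSecure()` accepts the offload header from `$this->getServer('HTTP_' . $offLoaderHeader)`, which PHP fills from the client's request headers, so with the default changed to `X-Forwarded-Proto` a request that reaches PHP directly, or through a proxy that forwards client headers unchanged, can declare itself secure by sending that header; the PATCH 04 rewrite of `initialRequestSecure()` keeps the same reading. The code cannot verify the proxy, so the requirement belongs in the `isSecure()` docblock, e.g. `* The configured offload header is trusted as-is: the TLS-terminating proxy must set or overwrite it on every request and never forward a client-supplied value.` Separately, `immediateRequestSecure()` now also returns true for `SERVER_PORT == "443"`, which the removed `App\Request\Http` version did not, and `getAppConfig()` is marked `@deprecated` in the commit that introduces it; both deserve a sentence in their docblocks (the port rule, and that the `ObjectManager::getInstance()` fallback is a temporary workaround).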
diff --git a/lib/internal/Magento/Framework/Test/Unit/UrlTest.php b/lib/internal/Magento/Framework/Test/Unit/UrlTest.php index a1ecfb2ed4f88..95163d1ed8ae7 100644 --- a/lib/internal/Magento/Framework/Test/Unit/UrlTest.php +++ b/lib/internal/Magento/Framework/Test/Unit/UrlTest.php @@ -491,6 +491,7 @@ public function getRebuiltUrlDataProvider() return [ 'with port' => ['https://example.com:88/index.php/catalog/index/view?query=123#hash'], 'without port' => ['https://example.com/index.php/catalog/index/view?query=123#hash'], + 'http' => ['http://example.com/index.php/catalog/index/view?query=123#hash'] ]; } From 433ce823b92f267c0ba28a9ac288940f17340c67 Mon Sep 17 00:00:00 2001 From: brywaters Date: Wed, 1 Jun 2016 16:46:03 -0500 Subject: [PATCH 02/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Fix capitalization for standard SSL Offload header'X-Forwarded-Proto: https' --- app/code/Magento/Store/etc/config.xml | 2 +- .../Magento/Framework/HTTP/PhpEnvironment/Request.php | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/app/code/Magento/Store/etc/config.xml b/app/code/Magento/Store/etc/config.xml index a63aadc8cd63c..4bfa29201e2a5 100644 --- a/app/code/Magento/Store/etc/config.xml +++ b/app/code/Magento/Store/etc/config.xml @@ -76,7 +76,7 @@ {{secure_base_url}} 0 0 - X_FORWARDED_PROTO + X_Forwarded_Proto 0 diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index a5c7fab7b77c4..033cd77ba7aba 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php 
@@ -418,8 +418,8 @@ public function isSecure() \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT ) ); - - return $this->initialRequestSecure($offLoaderHeader); + //Store the normally cased version in db for use in varnish config, Apache uppercases all server headers. + return $this->initialRequestSecure(strtoupper($offLoaderHeader)); } /** From 374a71b0a453d3d722b51d5da2c5697822cb3b16 Mon Sep 17 00:00:00 2001 From: brywaters Date: Wed, 1 Jun 2016 16:47:14 -0500 Subject: [PATCH 03/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Fix syntax error with new vcl --- app/code/Magento/PageCache/etc/varnish3.vcl | 2 +- app/code/Magento/PageCache/etc/varnish4.vcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/code/Magento/PageCache/etc/varnish3.vcl b/app/code/Magento/PageCache/etc/varnish3.vcl index 219548f2eea89..1593487f2bf00 100644 --- a/app/code/Magento/PageCache/etc/varnish3.vcl +++ b/app/code/Magento/PageCache/etc/varnish3.vcl @@ -63,7 +63,7 @@ sub vcl_recv { # static files are always cacheable. remove SSL flag and cookie if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") { unset req.http.Https; - unset req.http./* {{ ssl_offloaded_header }} */ + unset req.http./* {{ ssl_offloaded_header }} */; unset req.http.Cookie; } diff --git a/app/code/Magento/PageCache/etc/varnish4.vcl b/app/code/Magento/PageCache/etc/varnish4.vcl index 4ba50d8f0a3de..0b8826318dc34 100644 --- a/app/code/Magento/PageCache/etc/varnish4.vcl +++ b/app/code/Magento/PageCache/etc/varnish4.vcl 
@@ -75,7 +75,7 @@ sub vcl_recv { # static files are always cacheable. remove SSL flag and cookie if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") { unset req.http.Https; - unset req.http./* {{ ssl_offloaded_header }} */ + unset req.http./* {{ ssl_offloaded_header }} */; unset req.http.Cookie; } From 5c28583973fc528e3007cafff9291354c467716a Mon Sep 17 00:00:00 2001 From: brywaters Date: Thu, 2 Jun 2016 10:16:22 -0500 Subject: [PATCH 04/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Syntax changes - Transforming HTTP headers from HTTP to $_SERVER syntax so value in config can be actual http header --- .../Observer/ProcessLayoutRenderElement.php | 4 +-- app/code/Magento/Store/etc/config.xml | 2 +- .../Webapi/Test/Unit/Controller/SoapTest.php | 2 +- index.php | 2 +- .../App/Test/Unit/Request/HttpTest.php | 28 +++++++++---------- .../Framework/HTTP/PhpEnvironment/Request.php | 23 +++++++-------- 6 files changed, 29 insertions(+), 32 deletions(-) diff --git a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php index 84d7c20eb6981..51b83440d79a2 100644 --- a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php +++ b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php @@ -59,8 +59,8 @@ protected function _wrapEsi( 'handles' => json_encode($layout->getUpdate()->getHandles()) ] ); - //Varnish does not support esi over https must change to http - $url = (substr($url, 0, 5) === "https")? 'http' . substr($url, 5) : $url; + // Varnish does not support esi over https must change to http + $url = (substr($url, 0, 5) === 'https')?'http' . substr($url, 5) : $url; return sprintf('', $url); } diff --git a/app/code/Magento/Store/etc/config.xml b/app/code/Magento/Store/etc/config.xml index 4bfa29201e2a5..6bcc78be7baa4 100644 
--- a/app/code/Magento/Store/etc/config.xml +++ b/app/code/Magento/Store/etc/config.xml @@ -76,7 +76,7 @@ {{secure_base_url}} 0 0 - X_Forwarded_Proto + X-Forwarded-Proto 0 diff --git a/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php b/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php index dd93b79f4e3dc..8698cb47dcc19 100644 --- a/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php +++ b/app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php @@ -102,7 +102,7 @@ protected function setUp() $appconfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false); $objectManagerHelper->setBackwardCompatibleProperty( $this->_requestMock, - '_appconfig', + 'appConfig', $appconfig ); diff --git a/index.php b/index.php index c47a55e1e2550..78c1772db0cc4 100644 --- a/index.php +++ b/index.php @@ -32,7 +32,7 @@ HTML; exit(1); } - +error_log(print_r($_SERVER, true),3,'/Users/brywaters/Documents/workspace/magento2/magento2ce/request.log'); $bootstrap = \Magento\Framework\App\Bootstrap::create(BP, $_SERVER); /** @var \Magento\Framework\App\Http $app */ $app = $bootstrap->createApplication('Magento\Framework\App\Http'); diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php index fecb39bbc6534..2c3aa27ff2daa 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php +++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php @@ -93,7 +93,7 @@ private function getModel($uri = null, $mockAppConfig = true) if($mockAppConfig){ $MockAppConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false); - $testFrameworkObjectManager->setBackwardCompatibleProperty($model, '_appconfig', $MockAppConfig ); + $testFrameworkObjectManager->setBackwardCompatibleProperty($model, 'appConfig', $MockAppConfig ); } return $model; 
@@ -347,7 +347,7 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header ->with(\Magento\Framework\App\Request\Http::XML_PATH_OFFLOADER_HEADER, ScopeConfigInterface::SCOPE_TYPE_DEFAULT) ->willReturn($configOffloadHeader); $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this); - $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"_appconfig" ,$configMock); + $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"appConfig" ,$configMock); $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue); $this->_model->getServer()->set('HTTPS', $serverHttps); 
@@ -414,18 +414,18 @@ public function isSecureDataProvider()
 * ]
 */
 return [
- 'Test 1' => [true, 'on', 'Header-From-Proxy', 'https', 0],
- 'Test 2' => [true, 'off', 'Header-From-Proxy', 'https', 1],
- 'Test 3' => [true, 'any-string', 'Header-From-Proxy', 'https', 0],
- 'Test 4' => [true, 'on', 'Header-From-Proxy', 'http', 0],
- 'Test 5' => [false, 'off', 'Header-From-Proxy', 'http', 1],
- 'Test 6' => [true, 'any-string', 'Header-From-Proxy', 'http', 0],
- 'Test 7' => [true, 'on', 'Header-From-Proxy', 'any-string', 0],
- 'Test 8' => [false, 'off', 'Header-From-Proxy', 'any-string', 1],
- 'Test 9' => [true, 'any-string', 'Header-From-Proxy', 'any-string', 0],
- 'blank HTTPS with proxy set https' => [true, '', 'Header-From-Proxy', 'https', 1],
- 'blank HTTPS with proxy set http' => [false, '', 'Header-From-Proxy', 'http', 1],
- 'HTTPS off with HTTP_ prefixed proxy set to https' => [true, 'off', 'HTTP_Header-From-Proxy', 'https', 1],
+ 'Test 1' => [true, 'on', 'HEADER_FROM_PROXY', 'https', 0],
+ 'Test 2' => [true, 'off', 'HEADER_FROM_PROXY', 'https', 1],
+ 'Test 3' => [true, 'any-string', 'HEADER_FROM_PROXY', 'https', 0],
+ 'Test 4' => [true, 'on', 'HEADER_FROM_PROXY', 'http', 0],
+ 'Test 5' => [false, 'off', 'HEADER_FROM_PROXY', 'http', 1],
+ 'Test 6' => [true, 'any-string', 'HEADER_FROM_PROXY', 'http', 0],
+ 'Test 7' => [true, 'on', 'HEADER_FROM_PROXY', 'any-string', 0],
+ 'Test 8' => [false, 'off', 'HEADER_FROM_PROXY', 'any-string', 1],
+ 'Test 9' => [true, 'any-string', 'HEADER_FROM_PROXY', 'any-string', 0],
+ 'blank HTTPS with proxy set https' => [true, '', 'HEADER_FROM_PROXY', 'https', 1],
+ 'blank HTTPS with proxy set http' => [false, '', 'HEADER_FROM_PROXY', 'http', 1],
+ 'HTTPS off with HTTP_ prefixed proxy set to https' => [true, 'off', 'HTTP_HEADER_FROM_PROXY', 'https', 1],
 ];
 }
 }
diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index 033cd77ba7aba..7d1f8d1bd3028 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php @@ -22,7 +22,7 @@ class Request extends \Zend\Http\PhpEnvironment\Request const SCHEME_HTTPS = 'https'; /**#@-*/ - // Configuration path + // Configuration path for SSL Offload http header const XML_PATH_OFFLOADER_HEADER = 'web/secure/offloader_header'; /** @@ -91,7 +91,7 @@ class Request extends \Zend\Http\PhpEnvironment\Request /** * @var /Magento/Framework/App/Config */ - protected $_appconfig; + protected $appConfig; /** @@ -373,7 +373,7 @@ public function clearParams() */ public function getScheme() { - return ($this->isSecure())? self::SCHEME_HTTPS : self::SCHEME_HTTP; + return $this->isSecure() ? self::SCHEME_HTTPS : self::SCHEME_HTTP; } /** @@ -411,15 +411,13 @@ public function isSecure() /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not installed MAGETWO-31756 */ // Check if a proxy sent a header indicating an initial secure request - $config = $this->getAppConfig(); $offLoaderHeader = trim( - (string)$config->getValue( + (string)$this->getAppConfig()->getValue( self::XML_PATH_OFFLOADER_HEADER, \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT ) ); - //Store the normally cased version in db for use in varnish config, Apache uppercases all server headers. - return $this->initialRequestSecure(strtoupper($offLoaderHeader)); + return $this->initialRequestSecure($offLoaderHeader); } /** 
@@ -430,16 +428,13 @@ public function isSecure() * @deprecated */ private function getAppConfig(){ - if ($this->_appconfig == null){ + if ($this->appConfig == null){ $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); - $this->_appconfig = $objectManager->get('Magento\Framework\App\Config'); + $this->appConfig = $objectManager->get('Magento\Framework\App\Config'); } - - return $this->_appconfig; - + return $this->appConfig; } - /** * Checks if the immediate request is delivered over HTTPS * @@ -461,6 +456,8 @@ protected function immediateRequestSecure() */ protected function initialRequestSecure($offLoaderHeader) { + // Transform http header to $_SERVER format ie X-Forwarded-Proto becomes $_SERVER['HTTP_X_FORWARDED_PROTO'] + $offLoaderHeader = str_replace("-", "_",strtoupper($offLoaderHeader)); $header = $this->getServer($offLoaderHeader); $httpHeader = $this->getServer('HTTP_' . $offLoaderHeader); return !empty($offLoaderHeader) From fc5c2ea168ee8b7ecd727bed208e4deffce5c787 Mon Sep 17 00:00:00 2001 From: brywaters Date: Thu, 2 Jun 2016 10:33:48 -0500 Subject: [PATCH 05/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Revert debugging code --- index.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/index.php b/index.php index 78c1772db0cc4..c47a55e1e2550 100644 --- a/index.php +++ b/index.php @@ -32,7 +32,7 @@ HTML; exit(1); } -error_log(print_r($_SERVER, true),3,'/Users/brywaters/Documents/workspace/magento2/magento2ce/request.log'); + $bootstrap = \Magento\Framework\App\Bootstrap::create(BP, $_SERVER); /** @var \Magento\Framework\App\Http $app */ $app = $bootstrap->createApplication('Magento\Framework\App\Http'); From f588b5bdb7f941e7494be4342a53ebe3e6dce372 Mon Sep 17 00:00:00 2001 
From: brywaters Date: Thu, 2 Jun 2016 11:29:20 -0500 Subject: [PATCH 06/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Fix annotation --- lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index 7d1f8d1bd3028..7c8d02af8e615 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php @@ -89,7 +89,7 @@ class Request extends \Zend\Http\PhpEnvironment\Request protected $converter; /** - * @var /Magento/Framework/App/Config + * @var \Magento\Framework\App\Config */ protected $appConfig; From b02932855a6070f5c270339532dbfa7afed08a6e Mon Sep 17 00:00:00 2001 From: brywaters Date: Fri, 3 Jun 2016 13:58:24 -0500 Subject: [PATCH 07/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Syntax changes - Better commenting on varnish files --- app/code/Magento/PageCache/Model/Config.php | 3 ++- .../Observer/ProcessLayoutRenderElement.php | 2 +- app/code/Magento/PageCache/etc/varnish3.vcl | 2 +- app/code/Magento/PageCache/etc/varnish4.vcl | 2 +- .../Magento/Framework/App/Request/Http.php | 9 ++------- .../Framework/HTTP/PhpEnvironment/Request.php | 14 ++++++-------- 6 files changed, 13 insertions(+), 19 deletions(-) diff --git a/app/code/Magento/PageCache/Model/Config.php b/app/code/Magento/PageCache/Model/Config.php index ea84699216d55..19eba8347966e 100644 --- a/app/code/Magento/PageCache/Model/Config.php +++ b/app/code/Magento/PageCache/Model/Config.php 
@@ -148,7 +148,8 @@ protected function _getReplacements() ), '/* {{ ips }} */' => $this->_getAccessList(), '/* {{ design_exceptions_code }} */' => $this->_getDesignExceptions(), - //X_FORWARDED_PROTO will be $SERVER['HTTP_X_FORWARDED_PROTO'] and `X-Forwarded-Proto: https` in actual http headers + // http headers get transformed by php `X-Forwarded-Proto: https` becomes $SERVER['HTTP_X_FORWARDED_PROTO'] = 'https' + // Apache and Nginx drop all headers with underlines by default. '/* {{ ssl_offloaded_header }} */' => str_replace("_", "-",$this->_scopeConfig->getValue( \Magento\Framework\HTTP\PhpEnvironment\Request::XML_PATH_OFFLOADER_HEADER, \Magento\Store\Model\ScopeInterface::SCOPE_STORE)) diff --git a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php index 51b83440d79a2..ab066a9e28b82 100644 --- a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php +++ b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php @@ -60,7 +60,7 @@ protected function _wrapEsi( ] ); // Varnish does not support esi over https must change to http - $url = (substr($url, 0, 5) === 'https')?'http' . substr($url, 5) : $url; + $url = (substr($url, 0, 5) === 'https') ? 'http' . substr($url, 5) : $url; return sprintf('', $url); } diff --git a/app/code/Magento/PageCache/etc/varnish3.vcl b/app/code/Magento/PageCache/etc/varnish3.vcl index 1593487f2bf00..763e462756d94 100644 --- a/app/code/Magento/PageCache/etc/varnish3.vcl +++ b/app/code/Magento/PageCache/etc/varnish3.vcl @@ -1,6 +1,6 @@ import std; # The minimal Varnish version is 3.0.5 -# To handle offloaded ssl pass in the following http header: '/* {{ ssl_offloaded_header }} */: https' +# For SSL offloading, pass the following header in your proxy server or load balancer: '/* {{ ssl_offloaded_header }} */: https' backend default { 
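Review bot: The configured header name is written into the generated VCL (`/* {{ ssl_offloaded_header }} */`) after only an underscore-to-hyphen rewrite, with no check that it is a valid HTTP header token; the value is admin-editable and I see no validation of it elsewhere in this series, so a name containing spaces, quotes or a newline would yield a VCL file that fails to load or changes the meaning of the directive it is spliced into. Validate before interpolating, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $header)) { throw new \InvalidArgumentException('Invalid SSL offload header name'); }`, or reject the value at save time. The new comment's claim that Apache drops underscore headers "by default" is stronger than I can confirm — Nginx does (`underscores_in_headers off`), Apache's behaviour depends on version and module — so I would soften it to "Nginx drops headers with underscores by default; use hyphens". The `_getReplacements()` array starts before this hunk.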
diff --git a/app/code/Magento/PageCache/etc/varnish4.vcl b/app/code/Magento/PageCache/etc/varnish4.vcl index 4df652e68c192..49a8fe1585519 100644 --- a/app/code/Magento/PageCache/etc/varnish4.vcl +++ b/app/code/Magento/PageCache/etc/varnish4.vcl @@ -2,7 +2,7 @@ vcl 4.0; import std; # The minimal Varnish version is 4.0 -# To handle offloaded ssl pass in the following http header: '/* {{ ssl_offloaded_header }} */: https' +# For SSL offloading, pass the following header in your proxy server or load balancer: '/* {{ ssl_offloaded_header }} */: https' backend default { .host = "/* {{ host }} */"; diff --git a/lib/internal/Magento/Framework/App/Request/Http.php b/lib/internal/Magento/Framework/App/Request/Http.php index feb9e40a3db11..546e3983a1f75 100644 --- a/lib/internal/Magento/Framework/App/Request/Http.php +++ b/lib/internal/Magento/Framework/App/Request/Http.php @@ -320,16 +320,11 @@ public function getDistroBaseUrl() $headerScriptName = $this->getServer('SCRIPT_NAME'); if (isset($headerScriptName) && isset($headerHttpHost)) { - if($secure = $this->isSecure()){ - $scheme = 'https://'; - } else { - $scheme = 'http://'; - } - + $scheme = $this->isSecure() ? 'https://' : 'http://'; $hostArr = explode(':', $headerHttpHost); $host = $hostArr[0]; $port = isset($hostArr[1]) - && (!$secure && $hostArr[1] != 80 || $secure && $hostArr[1] != 443) ? ':' . $hostArr[1] : ''; + && (!$this->isSecure() && $hostArr[1] != 80 || $this->isSecure() && $hostArr[1] != 443) ? ':' . $hostArr[1] : ''; $path = $this->getBasePath(); return $scheme . $host . $port . rtrim($path, '/') . '/'; diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index 7c8d02af8e615..f2fdfb9a1256a 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php 
@@ -92,8 +92,7 @@ class Request extends \Zend\Http\PhpEnvironment\Request * @var \Magento\Framework\App\Config */ protected $appConfig; - - + /** * @param CookieReaderInterface $cookieReader * @param StringUtils $converter @@ -429,8 +428,7 @@ public function isSecure() */ private function getAppConfig(){ if ($this->appConfig == null){ - $objectManager = \Magento\Framework\App\ObjectManager::getInstance(); - $this->appConfig = $objectManager->get('Magento\Framework\App\Config'); + $this->appConfig = \Magento\Framework\App\ObjectManager::getInstance()->get(\Magento\Framework\App\Config::class); } return $this->appConfig; } @@ -444,10 +442,9 @@ protected function immediateRequestSecure() { $https = $this->getServer('HTTPS'); $headerServerPort = $this->getServer('SERVER_PORT'); - return !empty($https) && ($https != 'off') || (isset($headerServerPort) && $headerServerPort == "443"); + return (!empty($https) && $https != 'off') || $headerServerPort == '443'; } - /** * In case there is a proxy server, checks if the initial request to the proxy was delivered over HTTPS * @@ -458,10 +455,11 @@ protected function initialRequestSecure($offLoaderHeader) { // Transform http header to $_SERVER format ie X-Forwarded-Proto becomes $_SERVER['HTTP_X_FORWARDED_PROTO'] $offLoaderHeader = str_replace("-", "_",strtoupper($offLoaderHeader)); + //some webservers do not append HTTP_ $header = $this->getServer($offLoaderHeader); + // apache appends HTTP_ $httpHeader = $this->getServer('HTTP_' . $offLoaderHeader); - return !empty($offLoaderHeader) - && (isset($header) && ($header === 'https') || isset($httpHeader) && ($httpHeader === 'https')); + return !empty($offLoaderHeader) && ($header === 'https' || $httpHeader === 'https'); } /** From 7dfec6195209c8a9cbd4448b0fbc8782bd4a78c1 Mon Sep 17 00:00:00 2001 
From: brywaters Date: Fri, 3 Jun 2016 14:30:33 -0500 Subject: [PATCH 08/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Syntax changes --- app/code/Magento/PageCache/Model/Config.php | 2 +- lib/internal/Magento/Framework/App/Request/Http.php | 9 +++++++-- .../Magento/Framework/HTTP/PhpEnvironment/Request.php | 10 ++++++---- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/app/code/Magento/PageCache/Model/Config.php b/app/code/Magento/PageCache/Model/Config.php index 19eba8347966e..222d9d57e467a 100644 --- a/app/code/Magento/PageCache/Model/Config.php +++ b/app/code/Magento/PageCache/Model/Config.php @@ -150,7 +150,7 @@ protected function _getReplacements() '/* {{ design_exceptions_code }} */' => $this->_getDesignExceptions(), // http headers get transformed by php `X-Forwarded-Proto: https` becomes $SERVER['HTTP_X_FORWARDED_PROTO'] = 'https' // Apache and Nginx drop all headers with underlines by default. - '/* {{ ssl_offloaded_header }} */' => str_replace("_", "-",$this->_scopeConfig->getValue( + '/* {{ ssl_offloaded_header }} */' => str_replace('_', '-', $this->_scopeConfig->getValue( \Magento\Framework\HTTP\PhpEnvironment\Request::XML_PATH_OFFLOADER_HEADER, \Magento\Store\Model\ScopeInterface::SCOPE_STORE)) diff --git a/lib/internal/Magento/Framework/App/Request/Http.php b/lib/internal/Magento/Framework/App/Request/Http.php index 546e3983a1f75..fcfa206e34621 100644 --- a/lib/internal/Magento/Framework/App/Request/Http.php +++ b/lib/internal/Magento/Framework/App/Request/Http.php 
@@ -320,11 +320,16 @@ public function getDistroBaseUrl() $headerScriptName = $this->getServer('SCRIPT_NAME'); if (isset($headerScriptName) && isset($headerHttpHost)) { - $scheme = $this->isSecure() ? 'https://' : 'http://'; + if($secure = $this->isSecure()) { + $scheme = 'https://'; + } else { + $scheme = 'http://'; + } + $hostArr = explode(':', $headerHttpHost); $host = $hostArr[0]; $port = isset($hostArr[1]) - && (!$this->isSecure() && $hostArr[1] != 80 || $this->isSecure() && $hostArr[1] != 443) ? ':' . $hostArr[1] : ''; + && (!$secure && $hostArr[1] != 80 || $secure && $hostArr[1] != 443) ? ':' . $hostArr[1] : ''; $path = $this->getBasePath(); return $scheme . $host . $port . rtrim($path, '/') . '/'; diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index f2fdfb9a1256a..ee42695508118 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php @@ -426,9 +426,11 @@ public function isSecure() * * @deprecated */ - private function getAppConfig(){ - if ($this->appConfig == null){ - $this->appConfig = \Magento\Framework\App\ObjectManager::getInstance()->get(\Magento\Framework\App\Config::class); + private function getAppConfig() + { + if ($this->appConfig == null) { + $this->appConfig = + \Magento\Framework\App\ObjectManager::getInstance()->get(\Magento\Framework\App\Config::class); } return $this->appConfig; } @@ -454,7 +456,7 @@ protected function immediateRequestSecure() protected function initialRequestSecure($offLoaderHeader) { // Transform http header to $_SERVER format ie X-Forwarded-Proto becomes $_SERVER['HTTP_X_FORWARDED_PROTO'] - $offLoaderHeader = str_replace("-", "_",strtoupper($offLoaderHeader)); + $offLoaderHeader = str_replace('-', '_', strtoupper($offLoaderHeader)); //some webservers do not append HTTP_ $header = $this->getServer($offLoaderHeader); // apache appends HTTP_ 
From 5d7658634a8018908906ab7061b699d1c90df779 Mon Sep 17 00:00:00 2001 From: brywaters Date: Fri, 3 Jun 2016 15:27:02 -0500 Subject: [PATCH 09/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Fixed Comments --- .../Magento/Framework/HTTP/PhpEnvironment/Request.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index ee42695508118..3d8f63d537e2e 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php @@ -457,9 +457,9 @@ protected function initialRequestSecure($offLoaderHeader) { // Transform http header to $_SERVER format ie X-Forwarded-Proto becomes $_SERVER['HTTP_X_FORWARDED_PROTO'] $offLoaderHeader = str_replace('-', '_', strtoupper($offLoaderHeader)); - //some webservers do not append HTTP_ + // Some webservers do not append HTTP_ $header = $this->getServer($offLoaderHeader); - // apache appends HTTP_ + // Apache appends HTTP_ $httpHeader = $this->getServer('HTTP_' . $offLoaderHeader); return !empty($offLoaderHeader) && ($header === 'https' || $httpHeader === 'https'); } From aec09612506d9f21c4a409f2c5a711f8e3d9b198 Mon Sep 17 00:00:00 2001 From: brywaters Date: Fri, 3 Jun 2016 16:27:00 -0500 Subject: [PATCH 10/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Port 443 is logically a number --- lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index 3d8f63d537e2e..fd2b3d3b117ed 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php 
@@ -444,7 +444,7 @@ protected function immediateRequestSecure() { $https = $this->getServer('HTTPS'); $headerServerPort = $this->getServer('SERVER_PORT'); - return (!empty($https) && $https != 'off') || $headerServerPort == '443'; + return (!empty($https) && $https != 'off') || $headerServerPort == 443; } /** From e8063045968e462c3318ac70985e2a23ab567adf Mon Sep 17 00:00:00 2001 From: Dale Sikkema Date: Mon, 6 Jun 2016 14:45:55 -0500 Subject: [PATCH 11/28] MAGETWO-52867: [APPSEC-1446] Sensitive server information disclosure upon specific URL requests --- .htaccess | 6 +- .../Magento/Framework/App/Bootstrap.php | 18 +++--- .../Magento/Framework/App/StaticResource.php | 59 ++++++++++--------- .../Framework/App/Test/Unit/BootstrapTest.php | 39 +++++++----- .../App/Test/Unit/StaticResourceTest.php | 19 +++--- nginx.conf.sample | 4 +- pub/get.php | 4 +- 7 files changed, 85 insertions(+), 64 deletions(-) diff --git a/.htaccess b/.htaccess index a9ecde6a53358..9db22a53dde42 100644 --- a/.htaccess +++ b/.htaccess @@ -206,7 +206,7 @@ ########################################### ## Deny access to root files to hide sensitive application information - RedirectMatch 404 /\.git + RedirectMatch 403 /\.git order allow,deny @@ -281,6 +281,10 @@ deny from all +# For 404s and 403s that aren't handled by the application, show plain 404 response +ErrorDocument 404 /pub/errors/404.php +ErrorDocument 403 /pub/errors/404.php + ################################ ## If running in cluster environment, uncomment this ## http://developer.yahoo.com/performance/rules.html#etags diff --git a/lib/internal/Magento/Framework/App/Bootstrap.php b/lib/internal/Magento/Framework/App/Bootstrap.php index 6658b099c1204..2f93054b9f7ce 100644 --- a/lib/internal/Magento/Framework/App/Bootstrap.php +++ b/lib/internal/Magento/Framework/App/Bootstrap.php 
@@ -404,15 +404,17 @@ public function getErrorCode() */ public function isDeveloperMode() { - if (isset($this->server[State::PARAM_MODE]) && $this->server[State::PARAM_MODE] == State::MODE_DEVELOPER) { - return true; - } - /** @var \Magento\Framework\App\DeploymentConfig $deploymentConfig */ - $deploymentConfig = $this->getObjectManager()->get('Magento\Framework\App\DeploymentConfig'); - if ($deploymentConfig->get(State::PARAM_MODE) == State::MODE_DEVELOPER) { - return true; + $mode = 'default'; + if (isset($this->server[State::PARAM_MODE])) { + $mode = $this->server[State::PARAM_MODE]; + } else { + $deploymentConfig = $this->getObjectManager()->get(DeploymentConfig::class); + if (($configMode = $deploymentConfig->get(State::PARAM_MODE)) !== null) { + $mode = $configMode; + } } - return false; + + return $mode == State::MODE_DEVELOPER; } /** diff --git a/lib/internal/Magento/Framework/App/StaticResource.php b/lib/internal/Magento/Framework/App/StaticResource.php index d591debb68f72..4367e8905e8c2 100644 --- a/lib/internal/Magento/Framework/App/StaticResource.php +++ b/lib/internal/Magento/Framework/App/StaticResource.php @@ -5,7 +5,9 @@ */ namespace Magento\Framework\App; +use Magento\Framework\App\Filesystem\DirectoryList; use Magento\Framework\ObjectManager\ConfigLoaderInterface; +use Magento\Framework\Filesystem; /** * Entry point for retrieving static resources like JS, CSS, images by requested public path 
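Review bot: `isset($this->server[State::PARAM_MODE])` is true for an empty string, so an exported-but-empty `MAGE_MODE` (a bare `SetEnv MAGE_MODE`, or an empty fastcgi_param) now makes the environment win with mode `''` and the deployment-config value is never consulted, whereas the old code fell through to the config in that case. Tighten the guard to `if (isset($this->server[State::PARAM_MODE]) && $this->server[State::PARAM_MODE] !== '') {` and make the final comparison strict, `return $mode === State::MODE_DEVELOPER;`, since `$mode` can be anything the environment supplies. The precedence change itself (an environment value of production now overrides a deployment config of developer) is deliberate per the new data-provider row in BootstrapTest, but the method docblock above the hunk should say so, e.g. `* MAGE_MODE from the environment takes precedence over env.php; a non-developer value there disables developer mode.`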
@@ -14,46 +16,33 @@ */ class StaticResource implements \Magento\Framework\AppInterface { - /** - * @var State - */ + /** @var State */ private $state; - /** - * @var \Magento\Framework\App\Response\FileInterface - */ + /** @var \Magento\Framework\App\Response\FileInterface */ private $response; - /** - * @var Request\Http - */ + /** @var Request\Http */ private $request; - /** - * @var View\Asset\Publisher - */ + /** @var View\Asset\Publisher */ private $publisher; - /** - * @var \Magento\Framework\View\Asset\Repository - */ + /** @var \Magento\Framework\View\Asset\Repository */ private $assetRepo; - /** - * @var \Magento\Framework\Module\ModuleList - */ + /** @var \Magento\Framework\Module\ModuleList */ private $moduleList; - /** - * @var \Magento\Framework\ObjectManagerInterface - */ + /** @var \Magento\Framework\ObjectManagerInterface */ private $objectManager; - /** - * @var ConfigLoaderInterface - */ + /** @var ConfigLoaderInterface */ private $configLoader; + /** @var Filesystem */ + private $filesystem; + /** * @param State $state * @param Response\FileInterface $response @@ -116,12 +105,14 @@ public function launch() */ public function catchException(Bootstrap $bootstrap, \Exception $exception) { - $this->response->setHttpResponseCode(404); - $this->response->setHeader('Content-Type', 'text/plain'); if ($bootstrap->isDeveloperMode()) { + $this->response->setHttpResponseCode(404); + $this->response->setHeader('Content-Type', 'text/plain'); $this->response->setBody($exception->getMessage() . "\n" . $exception->getTraceAsString()); + $this->response->sendResponse(); + } else { + require $this->getFilesystem()->getDirectoryRead(DirectoryList::PUB)->getAbsolutePath('errors/404.php'); } - $this->response->sendResponse(); return true; } 
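Review bot: In the non-developer branch of catchException() the exception is now discarded entirely: nothing logs `$exception` before `errors/404.php` is required, so a production static-resource failure (bad path, publisher error, permission problem) leaves no trace for operators, while only the client-facing disclosure has been removed. Keep the message and trace out of the response but write them to the application log — no logger is among the injected properties listed in this hunk, but the same lazy `@deprecated` getter pattern used for `Filesystem` could fetch a `\Psr\Log\LoggerInterface` from `$this->objectManager`, e.g. `$this->getLogger()->critical($exception);` before the `require`. The `require` line also deserves a comment, because the included script runs inside this method and presumably emits its own status and body, so anything already set on `$this->response` is never sent: `// errors/404.php writes the whole response itself; $this->response is intentionally bypassed here`, if that is indeed the intent. The 404 status and text/plain header are now set only in developer mode, which matches the new test but should be stated in the method docblock.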
@@ -156,4 +147,18 @@ protected function parsePath($path) $result['file'] = $parts[5]; return $result; } + + /** + * Lazyload filesystem driver + * + * @deprecated + * @return Filesystem + */ + private function getFilesystem() + { + if (!$this->filesystem) { + $this->filesystem = $this->objectManager->get(Filesystem::class); + } + return $this->filesystem; + } } diff --git a/lib/internal/Magento/Framework/App/Test/Unit/BootstrapTest.php b/lib/internal/Magento/Framework/App/Test/Unit/BootstrapTest.php index e4b5de3f74ee8..8929407ce48b8 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/BootstrapTest.php +++ b/lib/internal/Magento/Framework/App/Test/Unit/BootstrapTest.php 
@@ -162,26 +162,35 @@ public function testGetObjectManager() $this->assertSame($this->objectManager, $bootstrap->getObjectManager()); } - public function testIsDeveloperMode() + /** + * @param $modeFromEnvironment + * @param $modeFromDeployment + * @param $isDeveloper + * + * @dataProvider testIsDeveloperModeDataProvider + */ + public function testIsDeveloperMode($modeFromEnvironment, $modeFromDeployment, $isDeveloper) { - $bootstrap = self::createBootstrap(); - $this->assertFalse($bootstrap->isDeveloperMode()); - $testParams = [State::PARAM_MODE => State::MODE_DEVELOPER]; + $testParams = []; + if ($modeFromEnvironment) { + $testParams[State::PARAM_MODE] = $modeFromEnvironment; + } + if ($modeFromDeployment) { + $this->deploymentConfig->method('get')->willReturn($modeFromDeployment); + } $bootstrap = self::createBootstrap($testParams); - $this->assertTrue($bootstrap->isDeveloperMode()); - $this->deploymentConfig->expects($this->any())->method('get')->willReturn(State::MODE_DEVELOPER); - $bootstrap = self::createBootstrap(); - $this->assertTrue($bootstrap->isDeveloperMode()); + $this->assertEquals($isDeveloper, $bootstrap->isDeveloperMode()); } - public function testIsDeveloperModeСontradictoryValues() + public function testIsDeveloperModeDataProvider() { - $this->deploymentConfig->expects($this->any())->method('get')->willReturn(State::MODE_PRODUCTION); - $bootstrap = self::createBootstrap(); - $this->assertFalse($bootstrap->isDeveloperMode()); - $testParams = [State::PARAM_MODE => State::MODE_DEVELOPER]; - $bootstrap = self::createBootstrap($testParams); - $this->assertTrue($bootstrap->isDeveloperMode()); + return [ + [null, null, false], + [State::MODE_DEVELOPER, State::MODE_PRODUCTION, true], + [State::MODE_PRODUCTION, State::MODE_DEVELOPER, false], + [null, State::MODE_DEVELOPER, true], + [null, State::MODE_PRODUCTION, false] + ]; } public function testRunNoErrors() 
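Review bot: `testIsDeveloperModeDataProvider` starts with `test`, so PHPUnit will also execute it as a test case (it returns an array and makes no assertions, which recent PHPUnit versions report as risky); data providers conventionally drop that prefix. Rename it `public function isDeveloperModeDataProvider()` and update the annotation to `@dataProvider isDeveloperModeDataProvider`. The docblock `@param` lines also lack types — `@param string|null $modeFromEnvironment`, `@param string|null $modeFromDeployment`, `@param bool $isDeveloper` — and a named key per row (`'env production beats config developer' => [...]`) would make a failing row self-describing.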
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php b/lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php index 78d5cc7f5acc9..32e028347a61d 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php +++ b/lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php @@ -8,6 +8,9 @@ namespace Magento\Framework\App\Test\Unit; +use Magento\Framework\App\Bootstrap; +use Magento\Framework\Filesystem; + class StaticResourceTest extends \PHPUnit_Framework_TestCase { /** @@ -188,17 +191,13 @@ public function testLaunchWrongPath() $this->object->launch(); } - public function testCatchException() + public function testCatchExceptionDeveloperMode() { - $bootstrap = $this->getMock('Magento\Framework\App\Bootstrap', [], [], '', false); - $bootstrap->expects($this->at(0))->method('isDeveloperMode')->willReturn(false); - $bootstrap->expects($this->at(1))->method('isDeveloperMode')->willReturn(true); - $exception = new \Exception('message'); - $this->response->expects($this->exactly(2))->method('setHttpResponseCode')->with(404); - $this->response->expects($this->exactly(2))->method('setHeader')->with('Content-Type', 'text/plain'); - $this->response->expects($this->exactly(2))->method('sendResponse'); - $this->response->expects($this->once())->method('setBody')->with($this->stringStartsWith('message')); - $this->assertTrue($this->object->catchException($bootstrap, $exception)); + $bootstrap = $this->getMockBuilder(Bootstrap::class)->disableOriginalConstructor()->getMock(); + $bootstrap->expects($this->once())->method('isDeveloperMode')->willReturn(true); + $exception = new \Exception('Error: nothing works'); + $this->response->expects($this->once())->method('setHttpResponseCode')->with(404); + $this->response->expects($this->once())->method('sendResponse'); $this->assertTrue($this->object->catchException($bootstrap, $exception)); } } 
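Review bot: The production path of catchException() — the branch that stops the message and stack trace reaching the client — is no longer covered: the deleted `testCatchException` asserted the non-developer-mode behaviour, and the replacement only drives `isDeveloperMode() === true`. The newly imported `Filesystem` is unused in this hunk, which suggests a second test was planned; assuming the fixture already holds an object-manager mock (the constructor takes one, but setUp is outside this hunk), the missing test needs a `Filesystem` mock whose `getDirectoryRead(DirectoryList::PUB)->getAbsolutePath('errors/404.php')` resolves to a temporary file, plus `never()` expectations on `setBody` and `sendResponse`. The sketch below omits only that arrangement.

```php
public function testCatchExceptionProductionMode()
{
    $bootstrap = $this->getMockBuilder(Bootstrap::class)->disableOriginalConstructor()->getMock();
    $bootstrap->expects($this->once())->method('isDeveloperMode')->willReturn(false);
    // … arrange: object-manager mock returns a Filesystem mock for Filesystem::class, whose
    //     directory-read mock resolves 'errors/404.php' to a temp file that sets no body …
    $this->response->expects($this->never())->method('setBody');
    $this->response->expects($this->never())->method('sendResponse');
    $this->assertTrue($this->object->catchException($bootstrap, new \Exception('Error: nothing works')));
}
```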
diff --git a/nginx.conf.sample b/nginx.conf.sample index d4cdc8a9934dd..5de37535a1f8a 100644 --- a/nginx.conf.sample +++ b/nginx.conf.sample @@ -26,6 +26,7 @@ root $MAGE_ROOT/pub; index index.php; autoindex off; charset UTF-8; +error_page 404 403 = /errors/404.php; #add_header "X-UA-Compatible" "IE=Edge"; location ~* ^/setup($|/) { @@ -185,6 +186,7 @@ gzip_types image/svg+xml; gzip_vary on; -location ~ \.php$ { +# Banned locations (only reached if the earlier PHP entry point regexes don't match) +location ~* (\.php$|\.htaccess$|\.git) { deny all; } diff --git a/pub/get.php b/pub/get.php index 760f922adb140..3be707560b8c5 100644 --- a/pub/get.php +++ b/pub/get.php @@ -45,13 +45,13 @@ // Serve file if it's materialized if ($mediaDirectory) { if (!$isAllowed($relativePath, $allowedResources)) { - header('HTTP/1.0 404 Not Found'); + require_once 'errors/404.php'; exit; } $mediaAbsPath = $mediaDirectory . '/' . $relativePath; if (is_readable($mediaAbsPath)) { if (is_dir($mediaAbsPath)) { - header('HTTP/1.0 404 Not Found'); + require_once 'errors/404.php'; exit; } $transfer = new \Magento\Framework\File\Transfer\Adapter\Http( From 6640a2b4e22f0672f5a5ff2edd6e07cf58eaa439 Mon Sep 17 00:00:00 2001 From: brywaters Date: Mon, 6 Jun 2016 14:53:23 -0500 Subject: [PATCH 12/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Change Configuration Cache to ignore http https as part of key - Cache SSLOffloadHeaderName --- .../Framework/App/Config/ScopePool.php | 3 +- .../Magento/Framework/App/Request/Http.php | 3 +- .../Framework/HTTP/PhpEnvironment/Request.php | 47 ++++++++++++++----- 3 files changed, 39 insertions(+), 14 deletions(-) diff --git a/lib/internal/Magento/Framework/App/Config/ScopePool.php b/lib/internal/Magento/Framework/App/Config/ScopePool.php index 172d1117d2e8f..910be3ef55e83 100644 --- a/lib/internal/Magento/Framework/App/Config/ScopePool.php +++ b/lib/internal/Magento/Framework/App/Config/ScopePool.php 
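Review bot: With `error_page 404 403 = /errors/404.php;`, a request that lands in the new `deny all` location is internally redirected to `/errors/404.php`, which must itself be matched by the PHP entry-point location (outside this hunk) rather than by this same `\.php$` deny rule, otherwise nginx answers the redirect with a bare 403 and the "plain 404" intent is lost; a comment on the `error_page` line would pin that dependency, e.g. `# /errors/404.php must be served by the PHP entry-point location, not caught by the deny rule below`. The `=` without an explicit code means the status is taken from the FastCGI response, so `errors/404.php` has to send its own 404 header — I cannot see that file from here. Note also that `\.git` is unanchored and, under `~*`, case-insensitive, so it denies `.gitignore`, `.github` and any URI containing `.git`; that mirrors the `.htaccess` rule, but a comment stating it is deliberate would stop someone narrowing it later.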
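Review bot: `require_once 'errors/404.php'` uses a bare relative path, which PHP resolves through `include_path` before falling back to the calling script's directory, so a stray `errors/404.php` anywhere on the include path (or an unusual `include_path` set by the web server) would be executed instead of `pub/errors/404.php`; use `require_once __DIR__ . '/errors/404.php';` in both places. Dropping `header('HTTP/1.0 404 Not Found')` also means the status now depends entirely on `errors/404.php` emitting it, which this diff does not show — a one-line comment, `// errors/404.php sends the 404 status and body itself`, would record that assumption next to the `exit`. The surrounding `$isAllowed`/`is_readable` logic starts before this hunk.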
@@ -91,7 +91,8 @@ private function getRequest() public function getScope($scopeType, $scopeCode = null) { $scopeCode = $this->_getScopeCode($scopeType, $scopeCode); - $baseUrl = $this->getRequest()->getDistroBaseUrl(); + // Skip our Magento Scheme detection https and http are in same key space + $baseUrl = $this->getRequest()->getBaseUrl(); $code = $scopeType . '|' . $scopeCode . '|' . $baseUrl; if (!isset($this->_scopes[$code])) { $cacheKey = $this->_cacheId . '|' . $code; diff --git a/lib/internal/Magento/Framework/App/Request/Http.php b/lib/internal/Magento/Framework/App/Request/Http.php index fcfa206e34621..fe9b5d2b38643 100644 --- a/lib/internal/Magento/Framework/App/Request/Http.php +++ b/lib/internal/Magento/Framework/App/Request/Http.php @@ -317,9 +317,8 @@ public function getDistroBaseUrl() { $headerHttpHost = $this->getServer('HTTP_HOST'); $headerHttpHost = $this->converter->cleanString($headerHttpHost); - $headerScriptName = $this->getServer('SCRIPT_NAME'); - if (isset($headerScriptName) && isset($headerHttpHost)) { + if (isset($headerHttpHost)) { if($secure = $this->isSecure()) { $scheme = 'https://'; } else { diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index fd2b3d3b117ed..9a4b56316201d 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php @@ -92,7 +92,14 @@ class Request extends \Zend\Http\PhpEnvironment\Request * @var \Magento\Framework\App\Config */ protected $appConfig; - + + /** + * Name of http header to check for ssl offloading default value is X-Forwarded-Proto + * + * @var string + */ + protected $SSLOffloadHeader; + /** * @param CookieReaderInterface $cookieReader * @param StringUtils $converter 
@@ -407,16 +414,34 @@ public function isSecure() if ($this->immediateRequestSecure()) { return true; } - /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not - installed MAGETWO-31756 */ - // Check if a proxy sent a header indicating an initial secure request - $offLoaderHeader = trim( - (string)$this->getAppConfig()->getValue( - self::XML_PATH_OFFLOADER_HEADER, - \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT - ) - ); - return $this->initialRequestSecure($offLoaderHeader); + + return $this->initialRequestSecure($this->getSSLOffloadHeader()); + } + + /*** + * + * Get value of SSL offload http header from configuration -- defaults to X-Forwarded-Proto + * + * @return string + */ + private function getSSLOffloadHeader() + { + + // Lets read from db only one time okay. + if ($this->SSLOffloadHeader === null){ + + /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not + installed MAGETWO-31756 */ + // Check if a proxy sent a header indicating an initial secure request + $offLoaderHeader = trim( + (string)$this->getAppConfig()->getValue( + self::XML_PATH_OFFLOADER_HEADER, + \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT + ) + ); } + + return $this->SSLOffloadHeader; + } /** From eee0d25134c90cbc9c21e6caaf18eb88d7565fb1 Mon Sep 17 00:00:00 2001 From: brywaters Date: Mon, 6 Jun 2016 15:09:53 -0500 Subject: [PATCH 13/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Update Test --- .../Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php index c0799b49eab76..ec760a850e291 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php 
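Review bot: isSecure() resolves the offload header name at `ScopeConfigInterface::SCOPE_TYPE_DEFAULT`, while the PageCache Config that writes the same path into the VCL reads it at `ScopeInterface::SCOPE_STORE`; a store-scoped override of the header name would therefore make Varnish look for one header while the request object checks another, and the request would silently fall back to non-secure. Either resolve both at default scope (the header is a property of the infrastructure, not of a store) or record the constraint on the new getter, e.g. `* Read once per request at default scope; the PageCache VCL generator must use the same scope.` Separately, in this commit the trimmed value is assigned to a local `$offLoaderHeader` and never to `$this->SSLOffloadHeader`, so the getter always returns null until a later commit in this series corrects the assignment; the `/***` opener, the `if (...){` spacing and the "Lets read from db only one time okay." comment should also be brought to the file's PHPDoc/PSR-2 style. isSecure() begins before the hunk.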
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php @@ -75,7 +75,7 @@ protected function setUp() $reflectionProperty->setAccessible(true); $reflectionProperty->setValue($this->_object, $requestMock); $requestMock->expects($this->any()) - ->method('getDistroBaseUrl') + ->method('getBaseUrl') ->willReturn('baseUrl'); } From 0ecee2981db745b84c15c092e3d768970482a088 Mon Sep 17 00:00:00 2001 From: brywaters Date: Mon, 6 Jun 2016 15:19:36 -0500 Subject: [PATCH 14/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Update ScopePoolTest --- .../Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php index ec760a850e291..e08a32d9c4b6b 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php +++ b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php @@ -58,7 +58,7 @@ protected function setUp() ->disableOriginalConstructor() ->setMethods( [ - 'getDistroBaseUrl', + 'getBaseUrl', 'getModuleName', 'setModuleName', 'getActionName', From 6eef03c562cb83eeb10cacb6861aac32d208b86b Mon Sep 17 00:00:00 2001 From: brywaters Date: Mon, 6 Jun 2016 15:41:07 -0500 Subject: [PATCH 15/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links - Update HttpTest - Fix request caching of ssl offload header --- lib/internal/Magento/Framework/App/Request/Http.php | 5 +++-- .../Magento/Framework/App/Test/Unit/Request/HttpTest.php | 1 + .../Magento/Framework/HTTP/PhpEnvironment/Request.php | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/lib/internal/Magento/Framework/App/Request/Http.php b/lib/internal/Magento/Framework/App/Request/Http.php index fe9b5d2b38643..434a2e3ebae16 100644 --- a/lib/internal/Magento/Framework/App/Request/Http.php 
+++ b/lib/internal/Magento/Framework/App/Request/Http.php @@ -317,9 +317,10 @@ public function getDistroBaseUrl() { $headerHttpHost = $this->getServer('HTTP_HOST'); $headerHttpHost = $this->converter->cleanString($headerHttpHost); + $headerScriptName = $this->getServer('SCRIPT_NAME'); - if (isset($headerHttpHost)) { - if($secure = $this->isSecure()) { + if (isset($headerScriptName) && isset($headerHttpHost)) { + if ($secure = $this->isSecure()) { $scheme = 'https://'; } else { $scheme = 'http://'; diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php index 2c3aa27ff2daa..8bdf3d56fb244 100644 --- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php +++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php @@ -348,6 +348,7 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header ->willReturn($configOffloadHeader); $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this); $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"appConfig" ,$configMock); + $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"SSLOffloadHeader" ,null ); $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue); $this->_model->getServer()->set('HTTPS', $serverHttps); diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php index 9a4b56316201d..07c767970b71a 100644 --- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php +++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php 
@@ -433,7 +433,7 @@ private function getSSLOffloadHeader()
 /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not
 installed MAGETWO-31756 */
 // Check if a proxy sent a header indicating an initial secure request
- $offLoaderHeader = trim(
+ $this->SSLOffloadHeader = trim(
 (string)$this->getAppConfig()->getValue(
 self::XML_PATH_OFFLOADER_HEADER,
 \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT
From 93655ff807e732281b1b630b4105754a0be66428 Mon Sep 17 00:00:00 2001
From: brywaters
Date: Mon, 6 Jun 2016 16:03:12 -0500
Subject: [PATCH 16/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Update ScopePool cache key to remove schema but keep everything else
---
 .../Magento/Framework/App/Config/ScopePool.php | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/internal/Magento/Framework/App/Config/ScopePool.php b/lib/internal/Magento/Framework/App/Config/ScopePool.php
index 910be3ef55e83..1bceb6c57dd3d 100644
--- a/lib/internal/Magento/Framework/App/Config/ScopePool.php
+++ b/lib/internal/Magento/Framework/App/Config/ScopePool.php
@@ -91,9 +91,13 @@ private function getRequest()
 public function getScope($scopeType, $scopeCode = null)
 {
 $scopeCode = $this->_getScopeCode($scopeType, $scopeCode);
- // Skip our Magento Scheme detection https and http are in same key space
- $baseUrl = $this->getRequest()->getBaseUrl();
- $code = $scopeType . '|' . $scopeCode . '|' . $baseUrl;
+
+ //Key by url to support dynamic {{base_url}} and port assignments
+ $host = $this->getRequest()->getServer('HTTP_HOST');
+ $port = $this->getRequest()->getServer('SERVER_PORT');
+ $path = $this->getRequest()->getBasePath();
+ $urlInfo = $host . $port . trim($path, '/');
+ $code = $scopeType . '|' . $scopeCode . '|' . $urlInfo;
 if (!isset($this->_scopes[$code])) {
 $cacheKey = $this->_cacheId . '|' . $code;
 $data = $this->_cache->load($cacheKey);
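Review bot: The new cache key concatenates `$host . $port . trim($path, '/')` with no separator, so distinct (host, port, path) triples can collide when a host's trailing digits run into the port; using the `|` separator that `$code` already uses, `$urlInfo = $host . '|' . $port . '|' . trim($path, '/');`, keeps the key unambiguous. Separately, `$host` is read straight from the client's `HTTP_HOST` header, so the set of distinct keys is now driven by request input; if the miss path saves config under `$cacheKey` (outside the hunk), every unseen Host value adds a cache entry, which argues for keying on a normalized or allowlisted host, or at least a comment stating that the front proxy is expected to reject unknown hosts. The patch-19 hunk that swaps in `getHttpHost()` keeps the same key shape. getScope's body continues past the hunk.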
From a683c74c2a4b85cc9ca622fe3611e89546d29cb3 Mon Sep 17 00:00:00 2001
From: brywaters
Date: Mon, 6 Jun 2016 16:14:33 -0500
Subject: [PATCH 17/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Update ScopePoolTest to reflect new cache key
---
 .../Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php
index e08a32d9c4b6b..b6bf2e580d9c1 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php
@@ -58,7 +58,7 @@ protected function setUp()
 ->disableOriginalConstructor()
 ->setMethods(
 [
- 'getBaseUrl',
+ 'getBasePath',
 'getModuleName',
 'setModuleName',
 'getActionName',
@@ -68,6 +68,7 @@ protected function setUp()
 'setParams',
 'getCookie',
 'isSecure',
+ 'getServer'
 ]
 )->getMock();
 $reflection = new \ReflectionClass(get_class($this->_object));
@@ -75,7 +76,7 @@ protected function setUp()
 $reflectionProperty->setAccessible(true);
 $reflectionProperty->setValue($this->_object, $requestMock);
 $requestMock->expects($this->any())
- ->method('getBaseUrl')
+ ->method('getBasePath')
 ->willReturn('baseUrl');
 }
From bfa91c9a542ebe28ca8513db0d7bb81ae49f8601 Mon Sep 17 00:00:00 2001
From: brywaters
Date: Tue, 7 Jun 2016 10:41:15 -0500
Subject: [PATCH 18/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Add localhost default to keep integration tests functioning
---
 lib/internal/Magento/Framework/App/Config/ScopePool.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/internal/Magento/Framework/App/Config/ScopePool.php b/lib/internal/Magento/Framework/App/Config/ScopePool.php
index 1bceb6c57dd3d..d007ab080d434 100644
--- a/lib/internal/Magento/Framework/App/Config/ScopePool.php
+++ b/lib/internal/Magento/Framework/App/Config/ScopePool.php
@@ -96,8 +96,10 @@ public function getScope($scopeType, $scopeCode = null)
 $host = $this->getRequest()->getServer('HTTP_HOST');
 $port = $this->getRequest()->getServer('SERVER_PORT');
 $path = $this->getRequest()->getBasePath();
+ $host = ($host == null) ? 'localhost' : $host;
 $urlInfo = $host . $port . trim($path, '/');
 $code = $scopeType . '|' . $scopeCode . '|' . $urlInfo;
+
 if (!isset($this->_scopes[$code])) {
 $cacheKey = $this->_cacheId . '|' . $code;
 $data = $this->_cache->load($cacheKey);
From 0d254a4e4ba3d84666911620eb5c2d5a067b6eab Mon Sep 17 00:00:00 2001
From: brywaters
Date: Tue, 7 Jun 2016 12:55:24 -0500
Subject: [PATCH 19/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Change Scope pool to use getHttpHost to make compatible with TestFramework/Request.php
---
 lib/internal/Magento/Framework/App/Config/ScopePool.php | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/internal/Magento/Framework/App/Config/ScopePool.php b/lib/internal/Magento/Framework/App/Config/ScopePool.php
index d007ab080d434..e33e6817d37cc 100644
--- a/lib/internal/Magento/Framework/App/Config/ScopePool.php
+++ b/lib/internal/Magento/Framework/App/Config/ScopePool.php
@@ -93,13 +93,12 @@ public function getScope($scopeType, $scopeCode = null)
 $scopeCode = $this->_getScopeCode($scopeType, $scopeCode);
 //Key by url to support dynamic {{base_url}} and port assignments
- $host = $this->getRequest()->getServer('HTTP_HOST');
+ $host = $this->getRequest()->getHttpHost();
 $port = $this->getRequest()->getServer('SERVER_PORT');
 $path = $this->getRequest()->getBasePath();
- $host = ($host == null) ? 'localhost' : $host;
 $urlInfo = $host . $port . trim($path, '/');
 $code = $scopeType . '|' . $scopeCode . '|' . $urlInfo;
-
+
 if (!isset($this->_scopes[$code])) {
 $cacheKey = $this->_cacheId . '|' . $code;
 $data = $this->_cache->load($cacheKey);
From 0afd7b5bafff048aa5b4a94a4227f90868c516f8 Mon Sep 17 00:00:00 2001
From: Dale Sikkema
Date: Tue, 7 Jun 2016 13:30:17 -0500
Subject: [PATCH 20/28] MAGETWO-52867: [APPSEC-1446] Sensitive server information disclosure upon specific URL requests
---
 pub/.htaccess | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/pub/.htaccess b/pub/.htaccess
index 6d70d0f19a838..926c012eef6a5 100644
--- a/pub/.htaccess
+++ b/pub/.htaccess
@@ -197,6 +197,10 @@ deny from all
+# For 404s and 403s that aren't handled by the application, show plain 404 response
+ErrorDocument 404 /errors/404.php
+ErrorDocument 403 /errors/404.php
+
 ############################################
 ## If running in cluster environment, uncomment this
 ## http://developer.yahoo.com/performance/rules.html#etags
From 43cf72eb1d43e351f314ccb42ba2199f70e2f204 Mon Sep 17 00:00:00 2001
From: Dale Sikkema
Date: Tue, 7 Jun 2016 13:39:01 -0500
Subject: [PATCH 21/28] MAGETWO-52867: [APPSEC-1446] Sensitive server information disclosure upon specific URL requests
---
 .htaccess | 4 ++--
 .htaccess.sample | 61 ++++++++++++++++++++++++++----------------
 2 files changed, 35 insertions(+), 30 deletions(-)
diff --git a/.htaccess b/.htaccess
index 9db22a53dde42..61a6e70d03e7f 100644
--- a/.htaccess
+++ b/.htaccess
@@ -277,8 +277,8 @@ deny from all
- order allow,deny
- deny from all
+ order allow,deny
+ deny from all
 # For 404s and 403s that aren't handled by the application, show plain 404 response
diff --git a/.htaccess.sample b/.htaccess.sample
index a6818c1e6b89a..61a6e70d03e7f 100644
--- a/.htaccess.sample
+++ b/.htaccess.sample
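Review bot: `ErrorDocument 403 /errors/404.php` changes the body that is rendered, but for a local-URL ErrorDocument served by a script the status the client receives is either the original 403 or a 200, depending on the PHP SAPI, unless the script sets it explicitly; whether 404.php does so is not visible here, and without it a client can still tell a denied resource from a missing one by status code, which is what the commit subject wants to prevent. Either confirm that 404.php emits a 404 status itself or amend the comment to `# body only; the response status is whatever 404.php sets`. The equivalent hunk in .htaccess.sample later in this series (path `/pub/errors/404.php`) has the same property.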
@@ -1,11 +1,12 @@
 ############################################
-## Optional override of deployment mode. We recommend you use the
-## command bin/magento deploy:mode:set to switch modes instead
-# SetEnv MAGE_MODE default # or production or developer
+## overrides deployment configuration mode value
+## use command bin/magento deploy:mode:set to switch modes
+
+# SetEnv MAGE_MODE developer
 ############################################
-## Uncomment these lines for CGI mode.
-## Make sure to specify the correct cgi php binary file name
+## uncomment these lines for CGI mode
+## make sure to specify the correct cgi php binary file name
 ## it might be /cgi-bin/php-cgi
 # Action php5-cgi /cgi-bin/php5-cgi
@@ -16,42 +17,42 @@
 # Options -MultiViews
-## You might also need to add this line to php.ini
+## you might also need to add this line to php.ini
 ## cgi.fix_pathinfo = 1
-## If it still doesn't work, rename php.ini to php5.ini
+## if it still doesn't work, rename php.ini to php5.ini
 ############################################
-## This line is specific for 1and1 hosting
+## this line is specific for 1and1 hosting
 #AddType x-mapp-php5 .php
 #AddHandler x-mapp-php5 .php
 ############################################
-## Default index file
+## default index file
 DirectoryIndex index.php
 ############################################
-## Adjust memory limit
+## adjust memory limit
 php_value memory_limit 768M
 php_value max_execution_time 18000
 ############################################
-## Disable automatic session start
+## disable automatic session start
 ## before autoload was initialized
 php_flag session.auto_start off
 ############################################
-## Enable resulting html compression
+## enable resulting html compression
 #php_flag zlib.output_compression on
 ###########################################
-## Disable user agent verification to not break multiple image upload
+## disable user agent verification to not break multiple image upload
 php_flag suhosin.session.cryptua off
@@ -60,24 +61,24 @@
 ############################################
-## Adjust memory limit
+## adjust memory limit
 php_value memory_limit 768M
 php_value max_execution_time 18000
 ############################################
-## Disable automatic session start
+## disable automatic session start
 ## before autoload was initialized
 php_flag session.auto_start off
 ############################################
-## Enable resulting html compression
+## enable resulting html compression
 #php_flag zlib.output_compression on
 ###########################################
-## Disable user agent verification to not break multiple image upload
+## disable user agent verification to not break multiple image upload
 php_flag suhosin.session.cryptua off
@@ -85,7 +86,7 @@
 ###########################################
-## Disable POST processing to not break multiple image upload
+## disable POST processing to not break multiple image upload
 SecFilterEngine Off
 SecFilterScanPOST Off
@@ -94,7 +95,7 @@
 ############################################
-## Enable apache served files compression
+## enable apache served files compression
 ## http://developer.yahoo.com/performance/rules.html#gzip
 # Insert filter on all content
@@ -122,14 +123,14 @@
 ############################################
-## Make HTTPS env vars available for CGI mode
+## make HTTPS env vars available for CGI mode
 SSLOptions StdEnvVars
 ############################################
-## Workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other)
+## workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other)
 ## Please, set it on virtual host configuration level
 ## SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
@@ -138,19 +139,19 @@
 ############################################
-## Enable rewrites
+## enable rewrites
 Options +FollowSymLinks
 RewriteEngine on
 ############################################
-## You can put here your magento root folder
+## you can put here your magento root folder
 ## path relative to web root
 #RewriteBase /magento/
 ############################################
-## Workaround for HTTP authorization
+## workaround for HTTP authorization
 ## in CGI environment
 RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -162,21 +163,21 @@ RewriteRule .* - [L,R=405]
 ############################################
-## Redirect for mobile user agents
+## redirect for mobile user agents
 #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
 #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
 #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
 ############################################
-## Never rewrite for existing files, directories and links
+## never rewrite for existing files, directories and links
 RewriteCond %{REQUEST_FILENAME} !-f
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME} !-l
 ############################################
-## Rewrite everything else to index.php
+## rewrite everything else to index.php
 RewriteRule .* index.php [L]
@@ -205,7 +206,7 @@
 ###########################################
 ## Deny access to root files to hide sensitive application information
- RedirectMatch 404 /\.git
+ RedirectMatch 403 /\.git
 order allow,deny
@@ -280,6 +281,10 @@ deny from all
+# For 404s and 403s that aren't handled by the application, show plain 404 response
+ErrorDocument 404 /pub/errors/404.php
+ErrorDocument 403 /pub/errors/404.php
+
 ################################
 ## If running in cluster environment, uncomment this
 ## http://developer.yahoo.com/performance/rules.html#etags
From 3446a1eb5da518848a152895e947b7357ffbdea6 Mon Sep 17 00:00:00 2001
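Review bot: `RedirectMatch 403 /\.git` replaces a direct 404 with a 403 that now depends on the `ErrorDocument 403` added further down the same file to render the not-found page; the pattern fires on the path whether or not `.git` exists, so it does not reveal existence, but the status the client sees moves from 404 to 403 (or to whatever 404.php sets), which runs against the commit's stated goal if the handler does not override it. If a plain 404 is the intent, keeping `RedirectMatch 404 /\.git` is simpler and has no coupling to the error handler; if 403 is deliberate, a line such as `# 403 here is rendered by the ErrorDocument 403 handler below` would make the dependency visible to the next editor.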
From: brywaters
Date: Tue, 7 Jun 2016 13:50:59 -0500
Subject: [PATCH 22/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Add Whitespace, Syntax
---
 .../Magento/Framework/HTTP/PhpEnvironment/Request.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
index 07c767970b71a..08f853595d56f 100644
--- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
+++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
@@ -428,7 +428,7 @@ private function getSSLOffloadHeader()
 {
 // Lets read from db only one time okay.
- if ($this->SSLOffloadHeader === null){
+ if ($this->SSLOffloadHeader === null) {
 /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not
 installed MAGETWO-31756 */
@@ -438,7 +438,8 @@ private function getSSLOffloadHeader()
 self::XML_PATH_OFFLOADER_HEADER,
 \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT
 )
- ); }
+ );
+ }
 return $this->SSLOffloadHeader;
From 57aada3da0c10c77146acfc7b10bd4042076bba6 Mon Sep 17 00:00:00 2001
From: brywaters
Date: Tue, 7 Jun 2016 14:24:28 -0500
Subject: [PATCH 23/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- clean up unit test
---
 .../Framework/App/Test/Unit/Request/HttpTest.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
index 8bdf3d56fb244..fa28bc4e88b98 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
@@ -79,8 +79,8 @@ public function tearDown()
 */
 private function getModel($uri = null, $mockAppConfig = true)
 {
- $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this);
- $model = $testFrameworkObjectManager->getObject(
+
+ $model = $this->objectManager->getObject(
 'Magento\Framework\App\Request\Http',
 [
 'routeConfig' => $this->_routerListMock,
@@ -93,7 +93,7 @@ private function getModel($uri = null, $mockAppConfig = true)
 if($mockAppConfig){
 $MockAppConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
- $testFrameworkObjectManager->setBackwardCompatibleProperty($model, 'appConfig', $MockAppConfig );
+ $this->objectManager->setBackwardCompatibleProperty($model, 'appConfig', $MockAppConfig );
 }
 return $model;
@@ -346,9 +346,9 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header
 ->method('getValue')
 ->with(\Magento\Framework\App\Request\Http::XML_PATH_OFFLOADER_HEADER, ScopeConfigInterface::SCOPE_TYPE_DEFAULT)
 ->willReturn($configOffloadHeader);
- $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this);
- $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"appConfig" ,$configMock);
- $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model,"SSLOffloadHeader" ,null );
+
+ $this->objectManager->setBackwardCompatibleProperty($this->_model,'appConfig' ,$configMock);
+ $this->objectManager->setBackwardCompatibleProperty($this->_model, 'SSLOffloadHeader' ,null );
 $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue);
 $this->_model->getServer()->set('HTTPS', $serverHttps);
From 9cd9de363941b17486df1dbf58b25abeca2b3d99 Mon Sep 17 00:00:00 2001
From: Dale Sikkema
Date: Tue, 7 Jun 2016 14:26:31 -0500
Subject: [PATCH 24/28] MAGETWO-52867: [APPSEC-1446] Sensitive server information disclosure upon specific URL requests
---
 lib/internal/Magento/Framework/App/Bootstrap.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/internal/Magento/Framework/App/Bootstrap.php b/lib/internal/Magento/Framework/App/Bootstrap.php
index 2f93054b9f7ce..2420e5ac72362 100644
--- a/lib/internal/Magento/Framework/App/Bootstrap.php
+++ b/lib/internal/Magento/Framework/App/Bootstrap.php
@@ -409,7 +409,8 @@ public function isDeveloperMode()
 $mode = $this->server[State::PARAM_MODE];
 } else {
 $deploymentConfig = $this->getObjectManager()->get(DeploymentConfig::class);
- if (($configMode = $deploymentConfig->get(State::PARAM_MODE)) !== null) {
+ $configMode = $deploymentConfig->get(State::PARAM_MODE);
+ if ($configMode) {
 $mode = $configMode;
 }
 }
From c0db1c2656adaa9a7fa26357084128a0668c0c8c Mon Sep 17 00:00:00 2001
From: brywaters
Date: Tue, 7 Jun 2016 14:51:29 -0500
Subject: [PATCH 25/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- add getHttpHost to mock in unit test
---
 .../Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php
index b6bf2e580d9c1..ef95d05dd9c9d 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php
@@ -68,7 +68,8 @@ protected function setUp()
 'setParams',
 'getCookie',
 'isSecure',
- 'getServer'
+ 'getServer',
+ 'getHttpHost'
 ]
 )->getMock();
 $reflection = new \ReflectionClass(get_class($this->_object));
From 4e526e2c6c532c19074236ef47cfc2b77ea054f1 Mon Sep 17 00:00:00 2001
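Review bot: `if ($configMode)` replaces the explicit `!== null` with a truthiness test, so `''`, `'0'` and `0` now fall through to the default mode alongside `null`; that looks intended for an empty value in the deployment config, but the reason is not stated and a later reader may "fix" it back. An explicit check with a why-comment makes the intent reviewable, e.g. `// an empty or unset mode in the deployment config must not be treated as a mode name` above `if (is_string($configMode) && $configMode !== '') {`. Because this method decides whether developer mode and its verbose error output are active, the fallback taken when the condition is false matters, and it lies outside the hunk.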
From: brywaters
Date: Tue, 7 Jun 2016 15:06:03 -0500
Subject: [PATCH 26/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Syntax and whitespace
---
 .../Magento/Framework/App/Config/ScopePool.php | 2 +-
 .../Framework/App/Test/Unit/Request/HttpTest.php | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/internal/Magento/Framework/App/Config/ScopePool.php b/lib/internal/Magento/Framework/App/Config/ScopePool.php
index e33e6817d37cc..d366349722f0f 100644
--- a/lib/internal/Magento/Framework/App/Config/ScopePool.php
+++ b/lib/internal/Magento/Framework/App/Config/ScopePool.php
@@ -92,7 +92,7 @@ public function getScope($scopeType, $scopeCode = null)
 {
 $scopeCode = $this->_getScopeCode($scopeType, $scopeCode);
- //Key by url to support dynamic {{base_url}} and port assignments
+ // Key by url to support dynamic {{base_url}} and port assignments
 $host = $this->getRequest()->getHttpHost();
 $port = $this->getRequest()->getServer('SERVER_PORT');
 $path = $this->getRequest()->getBasePath();
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
index fa28bc4e88b98..be63dff864f0b 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
@@ -91,9 +91,9 @@ private function getModel($uri = null, $mockAppConfig = true)
 ]
 );
- if($mockAppConfig){
- $MockAppConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
- $this->objectManager->setBackwardCompatibleProperty($model, 'appConfig', $MockAppConfig );
+ if ($mockAppConfig) {
+ $mockConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
+ $this->objectManager->setBackwardCompatibleProperty($model, 'appConfig', $mockConfig );
 }
 return $model;
@@ -347,8 +347,8 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header
 ->with(\Magento\Framework\App\Request\Http::XML_PATH_OFFLOADER_HEADER, ScopeConfigInterface::SCOPE_TYPE_DEFAULT)
 ->willReturn($configOffloadHeader);
- $this->objectManager->setBackwardCompatibleProperty($this->_model,'appConfig' ,$configMock);
- $this->objectManager->setBackwardCompatibleProperty($this->_model, 'SSLOffloadHeader' ,null );
+ $this->objectManager->setBackwardCompatibleProperty($this->_model, 'appConfig', $configMock);
+ $this->objectManager->setBackwardCompatibleProperty($this->_model, 'SSLOffloadHeader', null );
 $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue);
 $this->_model->getServer()->set('HTTPS', $serverHttps);
From d26a7b62becf1aa12e64329a435b1a556a03872d Mon Sep 17 00:00:00 2001
From: brywaters
Date: Tue, 7 Jun 2016 15:40:57 -0500
Subject: [PATCH 27/28] MAGETWO-52923: Switching to Varnish causes category menu to force HTTPS links
- Revert unit test to using real object manager
---
 .../Framework/App/Test/Unit/Request/HttpTest.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
index be63dff864f0b..b14f2424183a7 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
@@ -79,8 +79,8 @@ public function tearDown()
 */
 private function getModel($uri = null, $mockAppConfig = true)
 {
-
- $model = $this->objectManager->getObject(
+ $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this);
+ $model = $testFrameworkObjectManager->getObject(
 'Magento\Framework\App\Request\Http',
 [
 'routeConfig' => $this->_routerListMock,
@@ -93,7 +93,7 @@ private function getModel($uri = null, $mockAppConfig = true)
 if ($mockAppConfig) {
 $mockConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
- $this->objectManager->setBackwardCompatibleProperty($model, 'appConfig', $mockConfig );
+ $testFrameworkObjectManager->setBackwardCompatibleProperty($model, 'appConfig', $mockConfig );
 }
 return $model;
@@ -346,9 +346,9 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header
 ->method('getValue')
 ->with(\Magento\Framework\App\Request\Http::XML_PATH_OFFLOADER_HEADER, ScopeConfigInterface::SCOPE_TYPE_DEFAULT)
 ->willReturn($configOffloadHeader);
-
- $this->objectManager->setBackwardCompatibleProperty($this->_model, 'appConfig', $configMock);
- $this->objectManager->setBackwardCompatibleProperty($this->_model, 'SSLOffloadHeader', null );
+ $testFrameworkObjectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager ($this);
+ $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model, 'appConfig', $configMock);
+ $testFrameworkObjectManager->setBackwardCompatibleProperty($this->_model, 'SSLOffloadHeader', null );
 $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue);
 $this->_model->getServer()->set('HTTPS', $serverHttps);
From 18c719e118ce4eb5c003142c5ead636368c60f46 Mon Sep 17 00:00:00 2001
From: Igor Melnikov
Date: Tue, 7 Jun 2016 15:45:14 -0500
Subject: [PATCH 28/28] MAGETWO-52923: MAGETWO-52923: [Github] Switching to Varnish causes category menu to force HTTPS links #4540
Unit tests, code style
---
 .../Observer/ProcessLayoutRenderElement.php | 4 +--
 .../App/Test/Unit/Request/HttpTest.php | 27 ++++++++++++-------
 .../Framework/HTTP/PhpEnvironment/Request.php | 22 +++++++--------
 3 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php
index ab066a9e28b82..aa96c1060207e 100644
--- a/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php
+++ b/app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php
@@ -59,8 +59,8 @@ protected function _wrapEsi(
 'handles' => json_encode($layout->getUpdate()->getHandles())
 ]
 );
- // Varnish does not support esi over https must change to http
- $url = (substr($url, 0, 5) === 'https') ? 'http' . substr($url, 5) : $url;
+ // Varnish does not support ESI over HTTPS must change to HTTP
+ $url = substr($url, 0, 5) === 'https' ? 'http' . substr($url, 5) : $url;
 return sprintf('', $url);
 }
diff --git a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
index be63dff864f0b..fcb2046a14d65 100644
--- a/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
+++ b/lib/internal/Magento/Framework/App/Test/Unit/Request/HttpTest.php
@@ -32,15 +32,20 @@ class HttpTest extends \PHPUnit_Framework_TestCase
 protected $_infoProcessorMock;
 /**
- * @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager | \PHPUnit_Framework_MockObject_MockObject
+ * @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager | \PHPUnit_Framework_MockObject_MockObject
 */
- protected $objectManager;
+ protected $objectManagerMock;
 /**
- * @var \Magento\Framework\Stdlib\StringUtils | \PHPUnit_Framework_MockObject_MockObject
+ * @var \Magento\Framework\Stdlib\StringUtils | \PHPUnit_Framework_MockObject_MockObject
 */
 protected $converterMock;
+ /**
+ * @var \Magento\Framework\TestFramework\Unit\Helper\ObjectManager
+ */
+ private $objectManager;
+
 /**
 * @var array
 */
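Review bot: The scheme downgrade tests `substr($url, 0, 5) === 'https'` case-sensitively and without the `://`, so an `HTTPS://` prefix passes through unchanged and any five-character prefix `https` is rewritten even when it is not a scheme; `if (stripos($url, 'https://') === 0) { $url = 'http://' . substr($url, 8); }` states exactly what is rewritten. More importantly, the rewrite means the ESI fragment URL is always fetched over plain HTTP on the cache-to-backend hop, which is only acceptable when that hop is a trusted network and the backend does not redirect the block-render URL back to HTTPS; that precondition belongs in the comment, e.g. `// ESI fragments are fetched by Varnish over HTTP; the cache-to-backend hop must be trusted and must not redirect to HTTPS`. The `sprintf('', $url)` format string appears stripped in this view, so how `$url` is escaped in the emitted markup cannot be checked here. _wrapEsi's signature starts before the hunk.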
@@ -58,7 +63,7 @@ protected function setUp()
 );
 $this->_infoProcessorMock = $this->getMock('Magento\Framework\App\Request\PathInfoProcessorInterface');
 $this->_infoProcessorMock->expects($this->any())->method('process')->will($this->returnArgument(1));
- $this->objectManager = $this->getMock('Magento\Framework\ObjectManagerInterface');
+ $this->objectManagerMock = $this->getMock('Magento\Framework\ObjectManagerInterface');
 $this->converterMock = $this->getMockBuilder('Magento\Framework\Stdlib\StringUtils')
 ->disableOriginalConstructor()
 ->setMethods(['cleanString'])
@@ -67,6 +72,8 @@ protected function setUp()
 // Stash the $_SERVER array to protect it from modification in test
 $this->serverArray = $_SERVER;
+
+ $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
 }
 public function tearDown()
@@ -77,7 +84,7 @@ public function tearDown()
 /**
 * @return \Magento\Framework\App\Request\Http
 */
- private function getModel($uri = null, $mockAppConfig = true)
+ private function getModel($uri = null, $appConfigMock = true)
 {
 $model = $this->objectManager->getObject(
@@ -85,15 +92,15 @@ private function getModel($uri = null, $mockAppConfig = true)
 [
 'routeConfig' => $this->_routerListMock,
 'pathInfoProcessor' => $this->_infoProcessorMock,
- 'objectManager' => $this->objectManager,
+ 'objectManager' => $this->objectManagerMock,
 'converter' => $this->converterMock,
 'uri' => $uri,
 ]
 );
- if ($mockAppConfig) {
- $mockConfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
- $this->objectManager->setBackwardCompatibleProperty($model, 'appConfig', $mockConfig );
+ if ($appConfigMock) {
+ $configMock = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
+ $this->objectManager->setBackwardCompatibleProperty($model, 'appConfig', $configMock);
 }
 return $model;
@@ -348,7 +355,7 @@ public function testIsSecure($isSecure, $serverHttps, $headerOffloadKey, $header
 ->willReturn($configOffloadHeader);
 $this->objectManager->setBackwardCompatibleProperty($this->_model, 'appConfig', $configMock);
- $this->objectManager->setBackwardCompatibleProperty($this->_model, 'SSLOffloadHeader', null );
+ $this->objectManager->setBackwardCompatibleProperty($this->_model, 'sslOffloadHeader', null);
 $this->_model->getServer()->set($headerOffloadKey, $headerOffloadValue);
 $this->_model->getServer()->set('HTTPS', $serverHttps);
diff --git a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
index 08f853595d56f..64f8dd4564e65 100644
--- a/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
+++ b/lib/internal/Magento/Framework/HTTP/PhpEnvironment/Request.php
@@ -98,7 +98,7 @@ class Request extends \Zend\Http\PhpEnvironment\Request
 *
 * @var string
 */
- protected $SSLOffloadHeader;
+ protected $sslOffloadHeader;
 /**
 * @param CookieReaderInterface $cookieReader
@@ -415,25 +415,23 @@ public function isSecure()
 return true;
 }
- return $this->initialRequestSecure($this->getSSLOffloadHeader());
+ return $this->initialRequestSecure($this->SslOffloadHeader());
 }
 /***
- *
- * Get value of SSL offload http header from configuration -- defaults to X-Forwarded-Proto
+ * Get value of SSL offload http header from configuration - defaults to X-Forwarded-Proto
 *
 * @return string
 */
- private function getSSLOffloadHeader()
+ private function SslOffloadHeader()
 {
- // Lets read from db only one time okay.
- if ($this->SSLOffloadHeader === null) {
+ if ($this->sslOffloadHeader === null) {
- /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not
- installed MAGETWO-31756 */
+ // @todo: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not
+ // installed MAGETWO-31756
 // Check if a proxy sent a header indicating an initial secure request
- $this->SSLOffloadHeader = trim(
+ $this->sslOffloadHeader = trim(
 (string)$this->getAppConfig()->getValue(
 self::XML_PATH_OFFLOADER_HEADER,
 \Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT
@@ -441,15 +439,13 @@ private function getSSLOffloadHeader()
 );
 }
- return $this->SSLOffloadHeader;
-
+ return $this->sslOffloadHeader;
 }
 /**
 * Create an instance of Magento\Framework\App\Config
 *
 * @return \Magento\Framework\App\Config
- *
 * @deprecated
 */
 private function getAppConfig()
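Review bot: The renamed private method `SslOffloadHeader()` is PascalCase and reads like a property rather than an accessor; `getSslOffloadHeader()` matches the file's own `getAppConfig()` and the camelCase convention, with the call site becoming `return $this->initialRequestSecure($this->getSslOffloadHeader());`. The docblock above it still opens with `/***`, which PHPDoc tooling does not parse as a docblock, so the `@return string` is lost unless it is changed to `/**`, and the "Check if a proxy sent a header" comment now sits above the config read rather than the check it describes. Since `isSecure()` ends up trusting the configured header to say the original request was HTTPS, the docblock should state the precondition, e.g. `Only trustworthy when the front proxy sets or strips this header on every request; a client that reaches PHP directly can supply it.` isSecure() begins before the hunk.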