From e12044867b9d59bf44b5baedec539e79f9a2c020 Mon Sep 17 00:00:00 2001 From: stefank Date: Mon, 1 Oct 2018 22:33:31 +0200 Subject: [PATCH 1/4] Support of error pages behind a load balancer that serves HTTPS but accesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS --- pub/errors/processor.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pub/errors/processor.php b/pub/errors/processor.php index 7240707f642c2..6add4e8cb3ad1 100644 --- a/pub/errors/processor.php +++ b/pub/errors/processor.php @@ -265,7 +265,8 @@ public function getHostUrl() $host = 'localhost'; } - $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off'); + // HTTP_X_FORWARDED_PROTO to check whether a webserver using HTTP is behind a load balancer serving HTTPS + $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off') || $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'; $url = ($isSecure ? 'https://' : 'http://') . $host; if (!empty($_SERVER['SERVER_PORT']) && !in_array($_SERVER['SERVER_PORT'], [80, 443]) From b1b39283c17b718a356f8f16e39815885e096637 Mon Sep 17 00:00:00 2001 From: stefank Date: Wed, 3 Oct 2018 17:04:51 +0200 Subject: [PATCH 2/4] Support of error pages behind a load balancer that serves HTTPS but accesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS --- pub/errors/processor.php | 1 - 1 file changed, 1 deletion(-) diff --git a/pub/errors/processor.php b/pub/errors/processor.php index 6add4e8cb3ad1..8756aab1acec3 100644 --- a/pub/errors/processor.php +++ b/pub/errors/processor.php @@ -265,7 +265,6 @@ public function getHostUrl() $host = 'localhost'; } - // HTTP_X_FORWARDED_PROTO to check whether a webserver using HTTP is behind a load balancer serving HTTPS $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off') || $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'; $url = ($isSecure ? 'https://' : 'http://') . $host; From 53452fbe0dbe96e1ceb3f91973fc88e25c9108ee Mon Sep 17 00:00:00 2001 From: stefank Date: Wed, 3 Oct 2018 17:15:43 +0200 Subject: [PATCH 3/4] Support of error pages behind a load balancer that serves HTTPS but accesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS --- pub/errors/processor.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/pub/errors/processor.php b/pub/errors/processor.php index 8756aab1acec3..3958c6d152c9d 100644 --- a/pub/errors/processor.php +++ b/pub/errors/processor.php @@ -265,7 +265,8 @@ public function getHostUrl() $host = 'localhost'; } - $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off') || $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'; + $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off') + || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'); $url = ($isSecure ? 'https://' : 'http://') . $host; if (!empty($_SERVER['SERVER_PORT']) && !in_array($_SERVER['SERVER_PORT'], [80, 443]) From 320c0aab8787cfc3f63a4f170f4711c614c0e715 Mon Sep 17 00:00:00 2001 From: Ihor Sviziev Date: Sun, 7 Oct 2018 08:48:28 +0300 Subject: [PATCH 4/4] Support of error pages behind a load balancer that serves HTTPS Use strict comparison --- pub/errors/processor.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pub/errors/processor.php b/pub/errors/processor.php index 3958c6d152c9d..2bb25f3fd587d 100644 --- a/pub/errors/processor.php +++ b/pub/errors/processor.php @@ -265,7 +265,7 @@ public function getHostUrl() $host = 'localhost'; } - $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off') + $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] !== 'off') || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'); $url = ($isSecure ? 'https://' : 'http://') . $host;