[WIP] Check for additional SSL headers before setting $_SERVER['HTTPS'] (!133) · Merge requests · vtiger / vtigercrm

Dhaupin requested to merge dhaupin/vtigercrm:master into master Jan 03, 2017

This change allows Vtiger to "see" additional headers that can be sent with a secure request. Cloudflare, for example, hits origin on port 80, does not set $_SERVER['HTTPS'], and instead uses $_SERVER['HTTP_X_FORWARDED_PROTO'] index to let an APP know to run in https:// mode. This causes redirect looping when the APP (Vtiger) is set to run secure, but doesn't know that it is already in secure mode.

Additional values were also added for each header index, so for example, if a homebrew proxy/firewall was incorrectly passing non standard values, such as "1" when it is more common to use "on", this little router can handle it.

Also added a means of setting $_SERVER['PROTOCOL'] and $_SERVER['PROTO'] for use later on in the init. With that in mind, redid the line setting $request_URL to utilize that proto.

Im flagging this a W.I.P because although this snippet has been field tested in other platforms, this is my first Vtiger merge request.

Edited Jan 24, 2024 by Apparao G

Admin message

[WIP] Check for additional SSL headers before setting $_SERVER['HTTPS']

Merge request reports