Skip to content
Snippets Groups Projects

[WIP] Check for additional SSL headers before setting $_SERVER['HTTPS']

Closed [WIP] Check for additional SSL headers before setting $_SERVER['HTTPS']
dhaupin/vtigercrm:master into master
Closed Dhaupin requested to merge dhaupin/vtigercrm:master into master

This change allows Vtiger to "see" additional headers that can be sent with a secure request. Cloudflare, for example, hits origin on port 80, does not set $_SERVER['HTTPS'], and instead uses $_SERVER['HTTP_X_FORWARDED_PROTO'] index to let an APP know to run in https:// mode. This causes redirect looping when the APP (Vtiger) is set to run secure, but doesn't know that it is already in secure mode.

Additional values were also added for each header index, so for example, if a homebrew proxy/firewall was incorrectly passing non standard values, such as "1" when it is more common to use "on", this little router can handle it.

Also added a means of setting $_SERVER['PROTOCOL'] and $_SERVER['PROTO'] for use later on in the init. With that in mind, redid the line setting $request_URL to utilize that proto.

Im flagging this a W.I.P because although this snippet has been field tested in other platforms, this is my first Vtiger merge request.

Edited by Apparao G

Merge request reports

Closed by Apparao GApparao G 1 year ago (Jan 24, 2024 11:01am UTC)

Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
Please register or sign in to reply

Copyright 2023 Vtiger. All rights reserved.