Feature #35723
Improvement for SSL detection behind proxy server
| Status: | Needs Feedback | Start date: | 2012-04-05 | |
|---|---|---|---|---|
| Priority: | Could have | Due date: | ||
| Assignee: | - | % Done: | 0% |
|
| Category: | - | |||
| Target version: | - | |||
| TYPO3 Version: | 4.7 | Complexity: | ||
| PHP Version: | ||||
| Votes: | 0 |
Description
In some Proy environments is only the environment variable "HTTP_FRONT_END_HTTPS" set to "On" and the other variables like "SSL_SESSION_ID", "HTTPS" are missing.
So i suggest to support the variable "HTTP_FRONT_END_HTTPS" to detect SSL connections.
Related issues
| duplicates Core - Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL check | Rejected | 2011-09-12 | ||
| duplicates Core - Bug #32999: Cannot properly handle reverse-proxy as SSL end-point | Rejected | 2012-01-05 |
History
Updated by Gerrit Code Review about 1 year ago
- Status changed from New to Under Review
Patch set 1 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10166
Updated by Gerrit Code Review about 1 year ago
Patch set 1 for branch TYPO3_4-7 has been pushed to the review server.
It is available at http://review.typo3.org/10167
Updated by Gerrit Code Review about 1 year ago
Patch set 1 for branch TYPO3_4-6 has been pushed to the review server.
It is available at http://review.typo3.org/10168
Updated by Gerrit Code Review about 1 year ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/10166
Updated by Wouter Wolters 11 months ago
Is abandoned in Gerrit. Don't know if Tolleiv's suggestion is still valid.
Updated by Ernesto Baschny 11 months ago
- Tracker changed from Bug to Feature
- Status changed from Under Review to Needs Feedback
- Priority changed from Should have to Could have
As concluded in the now abandonned review session, relying on variables that could be forged by the client is not ideal.
Tolleiv suggested to make the list of fields "configurable". How about a hook in t3lib_div::getIndpEnv to allow extensions to manipulate the return value of the settings "at will"? This provides more flexibility and doesn't require TYPO3-core to handle every Webserver configuration.