Bug #54453

Http request does not handle X-Forwarded-Proto headers consistently

Added by Bastian Waidelich almost 8 years ago. Updated over 7 years ago.

Status:
Resolved
Priority:
Should have
Category:
Http
Target version:
-
Start date:
2013-12-16
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

The Http\Request currently only checks the X-Forwarded-Proto header in isSecure(). But it fails to verify it correctly and it ignores the header when fetching the URI from the current request:
Given:

GET http://acme.com:8080 HTTP/1.1
X-Forwarded-Proto: https
X-Forwarded-Port: 443

(string)$currentHttpRequest->getUri();

EXPECTED: https://acme.com
ACTUAL: http://acme.com:8080

Also available in: Atom PDF