Trusted hosts pattern mismatch with Nginx and HTTP_X_FORWARDED_PORT 443
When the frontend is called via https, there is this error message in the log:
PHP Fatal error: Uncaught UnexpectedValueException: The current host header value does not match the configured trusted hosts pattern! Check the pattern defined in $GLOBALS['TYPO3_CONF_VARS']['SYS']['trustedHostsPattern'] and adapt it, if you want to allow the current host header 'ddev105.ddev.local' for your installation. in /var/www/html/public/typo3/sysext/core/Classes/Utility/GeneralUtility.php:2803"
Install Tools says:
The trusted hosts pattern will be configured to allow all header values. This is because your $SERVER_NAME:[defaultPort] is "ddev105.ddev.local:443" while your HTTP_HOST:SERVER_PORT is "ddev105.ddev.local:80". Check the pattern defined in Admin Tools -> Settings -> Configure Installation-Wide Options -> System -> trustedHostsPattern and adapt it to expected host value(s).
The problem seems to be that the DDEV configuration has no extra SSL configuration and thus there is a mismatch between SERVER_PORT and HTTP_X_FORWARDED_PORT which needs an additional check.Test environment:
- DDEV 1.2.0
- TYPO3 9.4 composer based
Updated by Jigal van Hemert almost 3 years ago
HTTP_X_FORWARDED_PORT is not defined in any RFC and there is some documentation of it in certain software projects.
With multiple proxies the X-Forwarded-* headers may contain lists of values, so it's only safe to assume that this will also be the case for the X_FORWARDED_PORT header.
In some cases the port is included in the X-Forwarded-Host header. How this is handled in case of a combination of X-Forwarded-Host and X-Forwarded-Port headers where one or more hosts have the port number included in the X-Forwarded-Host header is unclear to me.
The RFC-documented X-Forwarded-* headers are superseded by the Forwarded field. So, some proxies may also use a port section in the Forwarded header.
All-in-all we may end up with a combination of headers from which we have to extract the correct information. My understanding is the following list of priorities:
1. if multiple values are present in a header the first value is the original request
2. if a Forwarded header is present the use that value
3. if a port number is included in the X-Forwarded-Host header than use that value
4. if X-Forwarded-Port header is present use that value
5. use the default port for the protocol
Updated by Oliver Hader almost 3 years ago
- Status changed from New to Accepted
Jigal van Hemert, sounds good to setup up a chain in order to resolve proper combinations of host & port values. Would you have time working on a potential patch/solution for this issue?
In general I can confirm that the issue exists, since I was sitting next to Peter (reporter) when this occurred in DDEV.
Updated by Oliver Hader over 2 years ago
For new DDEV projects AdditionalConfiguration.php is defined with wildcard host pattern since
Updated by Jonas Eberle over 1 year ago
Fabien, could you check the value of [SYS][trustedHostsPattern] (in the backend, in module "Configuration" which is part of typo3/cms-lowlevel). If you did no further changes, ddev should have set it in AdditionalConfiguration.php.
Is your error exactly like the one mentioned in the original post here?