Task #89703

closed

Update hostHeaderValueMatchesTrustedHostsPattern

Added by Forger Service over 4 years ago. Updated about 4 years ago.

Status: Rejected
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2019-11-18
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 8
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

If we are behind a reverse proxy (that uses an HTTP connection to TYPO3 and HTTPS to the client) and the host header value includes a port, then check if:

`$parsedHostValue['host']` equals `strtolower($_SERVER['SERVER_NAME'])`
and
`(string)$parsedHostValue['port']` equals `$defaultPort`.

Otherwise SERVER_PORT equals port 80 and parsedHostValue['port'] is reporting NULL (or 443 when included in the header) and the check always fails =>
- `(string)$parsedHostValue['port']`: 443 != `$_SERVER['SERVER_PORT']`: 80
- `$defaultPort`: 443 != `$_SERVER['SERVER_PORT']`: 80

My code might be utter trash so please check if it is secure.

This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/217

Actions #1

Updated by Gerrit Code Review over 4 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/62340

Actions #2

Updated by Susanne Moog about 4 years ago

  • Status changed from Under Review to Rejected

Please see reverse proxy related settings in TYPO3 All Configuration (for example `reverseProxySSL` and related settings) on how to configure TYPO3 behind a reverse proxy with your configuration. No changes to code are necessary for your setup, so I'm going to close this issue and the corresponding review. For more info see also the post at https://moc.net/om-moc/aktuelt/blogs/tech/running-typo3-cms-behind-https-proxy
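The port mismatch from the description, reproduced as an added example (a simplified model written for this page, not TYPO3 core code and not the rejected patch). The function name, the host names and the regex value are assumptions; it contrasts the `SERVER_NAME` mode with an explicit `trustedHostsPattern` regex that does not depend on the backend port.

```php
<?php
// Simplified model of a trusted-host check; hypothetical helper, constructed values.

/**
 * @param string $pattern 'SERVER_NAME' or a regex body, e.g. 'www\.example\.org(:443)?'
 * @param bool   $ssl     whether the request is treated as HTTPS (e.g. via proxy settings)
 */
function hostMatchesTrustedPattern(string $hostHeader, string $pattern, array $server, bool $ssl): bool
{
    if ($pattern !== 'SERVER_NAME') {
        // Explicit pattern: anchored, case-insensitive match on the Host header only.
        return (bool)preg_match('/^' . $pattern . '$/i', $hostHeader);
    }
    // SERVER_NAME mode: host and port must both match what the web server reports.
    $defaultPort = $ssl ? '443' : '80';
    $parsed = parse_url('http://' . $hostHeader);
    if ($parsed === false || !isset($parsed['host'])) {
        return false;
    }
    $port = isset($parsed['port']) ? (string)$parsed['port'] : $defaultPort;
    return strtolower($parsed['host']) === strtolower($server['SERVER_NAME'])
        && $port === (string)$server['SERVER_PORT'];
}

// Backend view of a request: the proxy terminated TLS and forwarded over HTTP (port 80).
$server = ['SERVER_NAME' => 'www.example.org', 'SERVER_PORT' => '80'];
$explicit = 'www\.example\.org(:443)?'; // assumed pattern for this constructed site

$cases = [
    // [Host header, pattern, treated as HTTPS]
    ['www.example.org:443',   'SERVER_NAME', true], // 443 vs SERVER_PORT 80
    ['www.example.org',       'SERVER_NAME', true], // default 443 vs SERVER_PORT 80
    ['www.example.org:443',   $explicit,     true],
    ['www.example.org',       $explicit,     true],
    ['other.example.net',     $explicit,     true], // untrusted host must still fail
    ['www.example.org:8443',  $explicit,     true], // unexpected port must still fail
];

foreach ($cases as [$host, $pattern, $ssl]) {
    $ok = hostMatchesTrustedPattern($host, $pattern, $server, $ssl);
    printf("%-22s %-26s %s\n", $host, $pattern, $ok ? 'accepted' : 'rejected');
}
```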
