Task #89703 (closed)
Update hostHeaderValueMatchesTrustedHostsPattern
Status: Rejected
Priority: Should have
Assignee: -
Category: -
Target version: -
Start date: 2019-11-18
Due date:
% Done: 0%
Estimated time:
TYPO3 Version: 8
PHP Version:
Tags:
Complexity:
Sprint Focus:
Description
If we are behind a reverse proxy (that uses an HTTP connection to TYPO3 and HTTPS to the client) and the host header value includes a port, then check if:
$parsedHostValue['host'] equals strtolower($_SERVER['SERVER_NAME'])
and
(string)$parsedHostValue['port'] equals $defaultPort.
Otherwise SERVER_PORT equals port 80 and parsedHostValue['port'] reports NULL (or 443 when included in the header) and the check always fails =>
- (string)$parsedHostValue['port']: 443 != $_SERVER['SERVER_PORT']: 80
- $defaultPort: 443 != $_SERVER['SERVER_PORT']: 80
My code might be utter trash so please check if it is secure.
This issue was automatically created from https://github.com/TYPO3/TYPO3.CMS/pull/217
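
The port mismatch described in this issue, as an added example that is not part of the original report and is not TYPO3 core code: a simplified model of a SERVER_NAME-based host check behind a TLS-terminating proxy, next to an explicit anchored allowlist pattern of the kind the trustedHostsPattern setting takes. Function names, host names and `$_SERVER` values are constructed for illustration.

```php
<?php
// Added example: simplified model, not TYPO3 core code. All names and values are constructed.

/** SERVER_NAME mode: the Host header must name this vhost on the port PHP sees. */
function hostMatchesServerName(string $hostHeader, array $server, bool $isSsl): bool
{
    $defaultPort = $isSsl ? '443' : '80';
    $parsed = parse_url('http://' . $hostHeader);
    if (!is_array($parsed) || !isset($parsed['host'])) {
        return false; // malformed Host header is never trusted
    }
    // No port in the header means the scheme's default port.
    $port = isset($parsed['port']) ? (string)$parsed['port'] : $defaultPort;
    return strtolower($parsed['host']) === strtolower($server['SERVER_NAME'])
        && $port === (string)$server['SERVER_PORT'];
}

/** Pattern mode: the whole Host header must match an anchored allowlist regex. */
function hostMatchesPattern(string $hostHeader, string $pattern): bool
{
    return (bool)preg_match('/^' . $pattern . '$/i', $hostHeader);
}

$direct  = ['SERVER_NAME' => 'www.example.org', 'SERVER_PORT' => '443'];
$proxied = ['SERVER_NAME' => 'www.example.org', 'SERVER_PORT' => '80']; // proxy talks plain HTTP to PHP
$pattern = 'www\.example\.org(:443)?';

// [label, Host header, $_SERVER as seen by PHP, HTTPS detected for the client connection]
$cases = [
    ['direct https',          'www.example.org',     $direct,  true],
    ['TLS proxy, no port',    'www.example.org',     $proxied, true],
    ['TLS proxy, port given', 'www.example.org:443', $proxied, true],
    ['unexpected host',       'other.example.net',   $proxied, true],
];

foreach ($cases as [$label, $host, $server, $isSsl]) {
    printf(
        "%-22s server-name=%-7s pattern=%s\n",
        $label,
        hostMatchesServerName($host, $server, $isSsl) ? 'accept' : 'reject',
        hostMatchesPattern($host, $pattern) ? 'accept' : 'reject'
    );
}
```

In the two proxy rows the server-name check rejects a legitimate request because of the 443/80 port mismatch, while the anchored pattern accepts it and still rejects the unexpected host.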