Bug #92187
open
HTTP/HTTPS not correctly determined behind reverseProxy
0%
Description
When using TYPO3 behind a reverse proxy with SSL termination and setting $GLOBALS['TYPO3_CONF_VARS']['SYS']['reverseProxySSL'] to '*' or any ip address, TYPO3 assumes, that the request is using HTTPS even though the proxy might have received it as HTTP. It should honor the X-Forwarded-Proto header, if set.
This effects all active versions (9, 10 and master).
Updated by Gerrit Code Review about 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65550
Updated by Christian Kuhn about 4 years ago
- Related to Bug #29693: Respect HTTP_X_FORWARDED_PROTO in SSL check added
Updated by Anja Leichsenring about 4 years ago
- Status changed from Under Review to Rejected
as stated in the patch, this fix will not be accepted because it opens a security vulnerability.
Updated by Gerrit Code Review about 4 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review about 4 years ago
Patch set 2 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review about 4 years ago
Patch set 3 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review about 3 years ago
Patch set 4 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review about 3 years ago
Patch set 5 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review almost 3 years ago
Patch set 6 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review over 1 year ago
Patch set 7 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review about 1 year ago
Patch set 8 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review 5 months ago
Patch set 9 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review 4 days ago
Patch set 10 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573
Updated by Gerrit Code Review 4 days ago
Patch set 11 for branch main of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/c/Packages/TYPO3.CMS/+/65573