mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-30 01:10:58 +01:00
Improve "Host" header check
Summary: See IRC. This check is somewhat misleading right now because it could arise from a mangled/broken Host header rather than a bad `phabricator.base-uri` configuration. Test Plan: Faked this to trip, read all the text. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Differential Revision: https://secure.phabricator.com/D11894
This commit is contained in:
parent
59a35af395
commit
a5426221b1
1 changed files with 45 additions and 12 deletions
|
@ -9,20 +9,53 @@ final class PhabricatorBaseURISetupCheck extends PhabricatorSetupCheck {
|
||||||
protected function executeChecks() {
|
protected function executeChecks() {
|
||||||
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
|
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
|
||||||
|
|
||||||
if (strpos(AphrontRequest::getHTTPHeader('Host'), '.') === false) {
|
$host_header = AphrontRequest::getHTTPHeader('Host');
|
||||||
$summary = pht(
|
if (strpos($host_header, '.') === false) {
|
||||||
'The domain does not contain a dot. This is necessary for some web '.
|
if (!strlen(trim($host_header))) {
|
||||||
'browsers to be able to set cookies.');
|
$name = pht('No "Host" Header');
|
||||||
|
$summary = pht('No "Host" header present in request.');
|
||||||
$message = pht(
|
$message = pht(
|
||||||
'The domain in the base URI must contain a dot ("."), e.g. '.
|
'This request did not include a "Host" header. This may mean that '.
|
||||||
'"http://example.com", not just a bare name like "http://example/". '.
|
'your webserver (like nginx or apache) is misconfigured so the '.
|
||||||
'Some web browsers will not set cookies on domains with no TLD.');
|
'"Host" header is not making it to Phabricator, or that you are '.
|
||||||
|
'making a raw request without a "Host" header using a tool or '.
|
||||||
|
'library.'.
|
||||||
|
"\n\n".
|
||||||
|
'If you are using a web browser, check your webserver '.
|
||||||
|
'configuration. If you are using a tool or library, check how the '.
|
||||||
|
'request is being constructed.'.
|
||||||
|
"\n\n".
|
||||||
|
'It is also possible (but very unlikely) that some other network '.
|
||||||
|
'device (like a load balancer) is stripping the header.'.
|
||||||
|
"\n\n".
|
||||||
|
'Requests must include a valid "Host" header.');
|
||||||
|
} else {
|
||||||
|
$name = pht('Bad "Host" Header');
|
||||||
|
$summary = pht('Request has bad "Host" header.');
|
||||||
|
$message = pht(
|
||||||
|
'This request included an invalid "Host" header, with value "%s". '.
|
||||||
|
'Host headers must contain a dot ("."), like "example.com". This '.
|
||||||
|
'is required for some browsers to be able to set cookies.'.
|
||||||
|
"\n\n".
|
||||||
|
'This may mean the base URI is configured incorrectly. You must '.
|
||||||
|
'serve Phabricator from a base URI with a dot (like '.
|
||||||
|
'"https://phabricator.mycompany.com"), not a bare domain '.
|
||||||
|
'(like "https://phabricator/"). If you are trying to use a bare '.
|
||||||
|
'domain, change your configuration to use a full domain with a dot '.
|
||||||
|
'in it instead.'.
|
||||||
|
"\n\n".
|
||||||
|
'This might also mean that your webserver (or some other network '.
|
||||||
|
'device, like a load balancer) is mangling the "Host" header, or '.
|
||||||
|
'you are using a tool or library to issue a request manually and '.
|
||||||
|
'setting the wrong "Host" header.'.
|
||||||
|
"\n\n".
|
||||||
|
'Requests must include a valid "Host" header.',
|
||||||
|
$host_header);
|
||||||
|
}
|
||||||
|
|
||||||
$this
|
$this
|
||||||
->newIssue('config.phabricator.domain')
|
->newIssue('request.host')
|
||||||
->setShortName(pht('Dotless Domain'))
|
->setName($name)
|
||||||
->setName(pht('No Dot Character in Domain'))
|
|
||||||
->setSummary($summary)
|
->setSummary($summary)
|
||||||
->setMessage($message)
|
->setMessage($message)
|
||||||
->setIsFatal(true);
|
->setIsFatal(true);
|
||||||
|
|
Loading…
Reference in a new issue