
Add redirect to HTTPS option

Summary: Rehash of D3411. In cgi/fcgi setups we have no idea if the request is HTTP or HTTPS as far as I can tell, so make this config-triggered again. Also handle @vrana's "off" case.

Test Plan: Set this flag, observed redirect to https when `$_SERVER['HTTPS']` was absent.

Reviewers: nh, vrana

Reviewed By: nh

CC: aran

Differential Revision: https://secure.phabricator.com/D3420
epriestley 2012-09-04 09:56:30 -07:00
parent e3c6dc687a
commit ee05fe81a4
3 changed files with 38 additions and 0 deletions


@ -55,6 +55,25 @@ return array(
// string), but doing so will break existing sessions and CSRF tokens. // string), but doing so will break existing sessions and CSRF tokens.
'security.hmac-key' => '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw', 'security.hmac-key' => '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw',
// If the web server responds to both HTTP and HTTPS requests but you want
// users to connect with only HTTPS, you can set this to true to make
// Phabricator redirect HTTP requests to HTTPS.
//
// Normally, you should just configure your server not to accept HTTP traffic,
// but this setting may be useful if you originally used HTTP and have now
// switched to HTTPS but don't want to break old links, or if your webserver
// sits behind a load balancer which terminates HTTPS connections and you
// can not reasonably configure more granular behavior there.
//
// NOTE: Phabricator determines if a request is HTTPS or not by examining the
// PHP $_SERVER['HTTPS'] variable. If you run Apache/mod_php this will
// probably be set correctly for you automatically, but if you run Phabricator
// as CGI/FCGI (e.g., through nginx or lighttpd), you need to configure your
// web server so that it passes the value correctly based on the connection
// type. Alternatively, you can add a PHP snippet to the top of this
// configuration file to directly set $_SERVER['HTTPS'] to the correct value.
'security.require-https' => false,
// -- Internationalization -------------------------------------------------- // // -- Internationalization -------------------------------------------------- //
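Review bot: The load-balancer case described in the new comment above `'security.require-https'` needs a caveat: when TLS is terminated upstream the backend never sees `$_SERVER['HTTPS']`, so enabling the flag without the suggested snippet will presumably redirect every request in a loop. The comment should also say that the snippet may derive the value only from a header the balancer itself sets and overwrites, because a client-supplied forwarded-protocol header would let plain HTTP requests pass as HTTPS. I would add something like `// NOTE: Behind a TLS-terminating proxy, set $_SERVER['HTTPS'] only from a header the proxy overwrites on every request.` It is also worth stating that the redirect is issued after the first plaintext request has already been sent, so it helps with old links but does not replace refusing HTTP at the server.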


@ -327,4 +327,14 @@ final class AphrontRequest {
return $_SERVER['REMOTE_ADDR']; return $_SERVER['REMOTE_ADDR'];
} }
public function isHTTPS() {
if (empty($_SERVER['HTTPS'])) {
return false;
}
if (!strcasecmp($_SERVER["HTTPS"], "off")) {
return false;
}
return true;
}
} }
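Review bot: `isHTTPS()` has no docblock, and a caller cannot tell from the name that it reports only what the web server placed in `$_SERVER['HTTPS']`, not how the client actually connected. A short docblock should say that it returns false when the variable is empty or equals `off` case-insensitively, and that under CGI/FCGI or behind a TLS-terminating proxy it returns false unless the server is configured to pass the value. On style, the second lookup uses `$_SERVER["HTTPS"]` with double quotes while the first uses single quotes; `if (!strcasecmp($_SERVER['HTTPS'], 'off')) {` keeps the method consistent.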


@ -119,6 +119,15 @@ abstract class AphrontApplicationConfiguration {
$request = $this->getRequest(); $request = $this->getRequest();
$path = $request->getPath(); $path = $request->getPath();
if (PhabricatorEnv::getEnvConfig('security.require-https')) {
if (!$request->isHTTPS()) {
$uri = $request->getRequestURI();
$uri->setDomain($request->getHost());
$uri->setProtocol('https');
return $this->buildRedirectController($uri);
}
}
list($controller, $uri_data) = $this->buildControllerForPath($path); list($controller, $uri_data) = $this->buildControllerForPath($path);
if (!$controller) { if (!$controller) {
if (!preg_match('@/$@', $path)) { if (!preg_match('@/$@', $path)) {
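Review bot: The redirect target in the `security.require-https` branch takes its domain from `$request->getHost()`, which presumably reflects the client-supplied Host header, so the `Location` value names whatever host the request claimed. Building the target from the install's configured base URI, or refusing hosts that do not match it, would keep the redirect pinned to the install; a comment such as `// Host comes from the request; check it against the configured base URI before redirecting.` would at least record the assumption. If `getHost()` can include a port, `setProtocol('https')` would produce an HTTPS URI on the HTTP port, which is worth checking. The branch also redirects non-GET requests, whose bodies have already crossed the wire in plaintext by that point. The enclosing method starts and ends outside the hunk.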