mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-26 00:32:42 +01:00
Add redirect to HTTPS option
Summary: Rehash of D3411. In cgi/fcgi setups we have no idea if the request is HTTP or HTTPS as far as I can tell, so make this config-triggered again. Also handle @vrana's "off" case. Test Plan: Set this flag, observed redirect to https when `$_SERVER['HTTPS']` was absent. Reviewers: nh, vrana Reviewed By: nh CC: aran Differential Revision: https://secure.phabricator.com/D3420
This commit is contained in:
parent
e3c6dc687a
commit
ee05fe81a4
3 changed files with 38 additions and 0 deletions
|
@ -55,6 +55,25 @@ return array(
|
|||
// string), but doing so will break existing sessions and CSRF tokens.
|
||||
'security.hmac-key' => '[D\t~Y7eNmnQGJ;rnH6aF;m2!vJ8@v8C=Cs:aQS\.Qw',
|
||||
|
||||
// If the web server responds to both HTTP and HTTPS requests but you want
|
||||
// users to connect with only HTTPS, you can set this to true to make
|
||||
// Phabricator redirect HTTP requests to HTTPS.
|
||||
//
|
||||
// Normally, you should just configure your server not to accept HTTP traffic,
|
||||
// but this setting may be useful if you originally used HTTP and have now
|
||||
// switched to HTTPS but don't want to break old links, or if your webserver
|
||||
// sits behind a load balancer which terminates HTTPS connections and you
|
||||
// can not reasonably configure more granular behavior there.
|
||||
//
|
||||
// NOTE: Phabricator determines if a request is HTTPS or not by examining the
|
||||
// PHP $_SERVER['HTTPS'] variable. If you run Apache/mod_php this will
|
||||
// probably be set correctly for you automatically, but if you run Phabricator
|
||||
// as CGI/FCGI (e.g., through nginx or lighttpd), you need to configure your
|
||||
// web server so that it passes the value correctly based on the connection
|
||||
// type. Alternatively, you can add a PHP snippet to the top of this
|
||||
// configuration file to directly set $_SERVER['HTTPS'] to the correct value.
|
||||
'security.require-https' => false,
|
||||
|
||||
|
||||
// -- Internationalization -------------------------------------------------- //
|
||||
|
||||
|
|
|
@ -327,4 +327,14 @@ final class AphrontRequest {
|
|||
return $_SERVER['REMOTE_ADDR'];
|
||||
}
|
||||
|
||||
public function isHTTPS() {
|
||||
if (empty($_SERVER['HTTPS'])) {
|
||||
return false;
|
||||
}
|
||||
if (!strcasecmp($_SERVER["HTTPS"], "off")) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -119,6 +119,15 @@ abstract class AphrontApplicationConfiguration {
|
|||
$request = $this->getRequest();
|
||||
$path = $request->getPath();
|
||||
|
||||
if (PhabricatorEnv::getEnvConfig('security.require-https')) {
|
||||
if (!$request->isHTTPS()) {
|
||||
$uri = $request->getRequestURI();
|
||||
$uri->setDomain($request->getHost());
|
||||
$uri->setProtocol('https');
|
||||
return $this->buildRedirectController($uri);
|
||||
}
|
||||
}
|
||||
|
||||
list($controller, $uri_data) = $this->buildControllerForPath($path);
|
||||
if (!$controller) {
|
||||
if (!preg_match('@/$@', $path)) {
|
||||
|
|
Loading…
Reference in a new issue