phpCAS icon indicating copy to clipboard operation
phpCAS copied to clipboard

Published 20 hours ago verified publisher icon apereo

_isHttps bug?

Open xxlv opened this issue 7 years ago • 1 comments

Client.php line:3617

  if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
            return ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https');
        } elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) {
            return ($_SERVER['HTTP_X_FORWARDED_PROTOCOL'] === 'https');
        } elseif ( isset($_SERVER['HTTPS'])
            && !empty($_SERVER['HTTPS'])
            && strcasecmp($_SERVER['HTTPS'], 'off') !== 0
        ) {
            return true;
        }
        return false;

sometimes , domain may cross two proxy layers . so the HTTP_X_FORWARDED_PROTO will be set "https,https". i think , the project should support this state :)

xxlv avatar May 02 '17 05:05 xxlv

Might make sense to check if the variable begins with 'https' since this is the only relevant part I would think.

jfritschi avatar May 21 '17 15:05 jfritschi