phpCAS

Nginx default hostname "_" forwarded to SSO server

Open Corfiot opened this issue 4 years ago • 5 comments

Default nginx config has a host name of "_". Diff to support this is:

--- a/source/CAS/Client.php
+++ b/source/CAS/Client.php
@@ -3970,7 +3970,7 @@ class CAS_Client
         } else if (!empty($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
             $server_url = $_SERVER['HTTP_X_FORWARDED_SERVER'];
         } else {
-            if (empty($_SERVER['SERVER_NAME'])) {
+            if (empty($_SERVER['SERVER_NAME']) || $_SERVER['SERVER_NAME'] == '_') {
                 $server_url = $_SERVER['HTTP_HOST'];
             } else {
                 $server_url = $_SERVER['SERVER_NAME'];
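
Review bot: In the changed condition, special-casing `'_'` makes the service URL fall back to `$_SERVER['HTTP_HOST']`, which comes from the request's Host header rather than from server configuration, and it covers only one of the placeholder names a catch-all server block can carry. Consider taking the host from an explicitly configured value, or checking the fallback against a list of expected hostnames, before it is used to build `$server_url`; if the literal check stays, use `===` rather than `==` for the string comparison.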

Obviously you need to fix the config sample in the examples folder as well:

--- a/docs/examples/config.example.php
+++ b/docs/examples/config.example.php
@@ -63,11 +63,13 @@ $driver_options = '';
 ///////////////////////////////////////////

 // Generating the URLS for the local cas example services for proxy testing
+$sname = (empty($_SERVER['SERVER_NAME']) || $_SERVER['SERVER_NAME']=='_' )?$_SERVER['HOST_NAME']:$_SERVER['SERVER_NAME'];
 if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
-    $curbase = 'https://' . $_SERVER['SERVER_NAME'];
+    $curbase = 'https://' . $sname;
 } else {
-    $curbase = 'http://' . $_SERVER['SERVER_NAME'];
+    $curbase = 'http://' . $sname;
 }
+unset($sname);
 if ($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) {
     $curbase .= ':' . $_SERVER['SERVER_PORT'];
 }
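
Review bot: On the added `$sname` line, `$_SERVER['HOST_NAME']` is not a key PHP populates, so the fallback branch produces an empty host; it should read `$_SERVER['HTTP_HOST']`. With that key, the Host header already carries any non-default port, so the unchanged `$curbase .= ':' . $_SERVER['SERVER_PORT'];` below would append the port a second time; strip the port from `$sname` or skip the append when the fallback is taken.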

Corfiot, Jun 05 '20 21:06

Sorry in a rush, should be HTTP_HOST, not HOST_NAME

Corfiot, Jun 05 '20 21:06

I believe this is very specific to your nginx configuration (though it's kind of a convention) so I am not sure if it's worth fixing.

There is nothing special about this name, it is just one of a myriad of invalid domain names which never intersect with any real name. Other invalid names like “--” and “!@#” may equally be used.

http://nginx.org/en/docs/http/server_names.html#miscellaneous_names

https://core.trac.wordpress.org/ticket/25239 is a long thread about this.

phy25, Jun 06 '20 04:06

Understood, just keep in mind that "_" seems to be the Debian default. Closing now.

Corfiot, Jun 06 '20 12:06

We can probably document this somehow.

phy25, Jun 06 '20 13:06

I will reopen this to see if we could get rid of SERVER_NAME to avoid this issue. Please feel free to research if anyone passes by.

phy25, Jun 07 '20 22:06