Details
-
Bug
-
Resolution: Invalid
-
Medium
-
None
-
4.5.0, 4.6.0
-
None
Description
The construction of eZHTTPTool's redirect url contains three problems, that interfere with setting up a SSL reverse proxy configuration.
Identification of protocol for the constructed redirection url is achieved, within eZHTTPTool::createRedirectUrl through one of two methods:
- override_protocol parameter
- eZSys::serverPort() == site.ini configured ssl port
The usage of override_protocol in parameters is broken, since the value assigned there will be wrongly assigned to $host variable
if ( $parameters['override_protocol'] ) $host = $parameters['override_protocol'];
eZSys::serverPort() will not be an SSL one if the reverse proxy tunnels SSL requests into a non secure apache server.
Instead of identifying SSL through //eZSys::serverPort() == $sslPort// , I would suggest using //eZSys::isSSLNow()//
Finally, if an SSL port other then the standard 443 is used in the reverse proxy, the generated url will fail since //$port = false// when SSL connection is detected.
Steps to reproduce
- Configure a reverse proxy engine (for instance nginx) and set it up to forward SSL requests on port 8443 into an apache server running eZ Publish 4.6 on port 80
- Access the admin portal and attempt to edit an article.
- The browser will be redirected to a basic http url of the site.
Attachments
Issue Links
- relates to
-
EZP-19268 eZHTTPTool::createRedirectUrl() is broken with "override_protocol" param
- Closed