Joomla! Issue Tracker - CMS

Download
Launch
Feeling Lucky

[#5561] - Improve SSL Detections for HTTP_X_FORWARDED_PROTO

?
Referenced as Pull Request for: # 5562
avatar xtech86
xtech86
30 Dec 2014

Steps to reproduce the issue

Simple way to reproduce is to enable cloudflare flexissl without the website having it's own SSL certificate. You are then prompted with many SSL/non-ssl errors. Because we are asking the server for SSL Validation which is cannot provide.

Also this is an issue for hosts like TSOHost, which use the same header to reduce down time for sites which switch to SSL.

Expected result

To provide an SSL secured website which is validated.

Actual result

Either a redirect loop, if you enable Force SSL in the Joomla! Config.

Or insecure content warnings if just coming through https.

System information (as much as possible)

All Joomla! Versions

Additional comments

Votes

# of Users Experiencing Issue
1/1
Average Importance Score
5.00
avatar xtech86 xtech86 - open - 30 Dec 2014
avatar brianteeman brianteeman - change - 30 Dec 2014
Status New Closed
Closed_Date 0000-00-00 00:00:00 2014-12-30 18:45:05
Closed_By brianteeman
avatar brianteeman brianteeman - close - 30 Dec 2014
avatar zero-24 zero-24 - close - 30 Dec 2014
avatar zero-24 zero-24 - change - 7 Jul 2015
Labels Added: ?

Add a Comment

Login with GitHub to post a comment