[#5562] - SSL improvements to detect HTTP_X_FORWARDED_PRONTO
- Closed
- 5 Jan 2015
- Medium
- Build: staging
- # 5562
- Diff
- xtech86:staging
- Failure The Travis CI build failed Details
User tests: Successful: Unsuccessful:
Simple SSL improvements to detect if they are using the HTTP_X_FORWARDED_PRONTO and is set to https. Used by CloudFlare and many web hosts under clustered hosting environments.
Steps to reproduce the issue
Simple way to reproduce is to enable cloudflare flexissl without the website having it's own SSL certificate. You are then prompted with many SSL/non-ssl errors. Because we are asking the server for SSL Validation which is cannot provide.
Also this is an issue for hosts like TSOHost, which use the same header to reduce down time for sites which switch to SSL.
Expected result
To provide an SSL secured website which is validated.
Actual result
Either a redirect loop, if you enable Force SSL in the Joomla! Config.
Or insecure content warnings if just coming through https.
This PR fixes the issues
jissues-bot
- | Labels |
Added:
?
|
||
| Rel_Number | ⇒ | 5561 | |
| Relation Type | ⇒ | Pull Request for |
| Title |
|
||||||
zero-24
- | Category | ⇒ | Libraries |
The lines that need to be updated are:
FILE: ...is/build/joomla/joomla-cms/libraries/legacy/application/application.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
1171 | WARNING | Line exceeds 150 characters; contains 211 characters
--------------------------------------------------------------------------------
FILE: ...ome/travis/build/joomla/joomla-cms/libraries/joomla/application/web.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
844 | WARNING | Line exceeds 150 characters; contains 212 characters
--------------------------------------------------------------------------------
FILE: /home/travis/build/joomla/joomla-cms/libraries/joomla/uri/uri.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
66 | WARNING | Line exceeds 150 characters; contains 214 characters
--------------------------------------------------------------------------------
FILE: ...travis/build/joomla/joomla-cms/libraries/joomla/environment/browser.php
--------------------------------------------------------------------------------
FOUND 0 ERROR(S) AND 1 WARNING(S) AFFECTING 1 LINE(S)
--------------------------------------------------------------------------------
674 | WARNING | Line exceeds 150 characters; contains 211 characters
--------------------------------------------------------------------------------
The problem is that the lines are longer than 150 chars, please break them in two lines.
This is not that simple, see my PR Improved SSL (https) detection in AbstractWebApplication
I see that cloudflare recommend a plugin to resolve this issue https://support.cloudflare.com/hc/en-us/articles/203624920-How-do-I-fix-the-infinite-redirect-loop-error-in-Joomla-after-enabling-free-Universal-SSL-
This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/5562.
| Status | Pending | ⇒ | Closed |
| Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2015-01-05 11:05:05 |
Please, make Travis happy:
https://travis-ci.org/joomla/joomla-cms/builds/45450779