ZF-11498: No support of Load Balancer X-Forwarded-Proto for HTTPS in Zend_Controller_Request_Http

Issue Type:
Bug
Created:
2011-06-21T06:57:47.000+0000
Last Updated:
2012-11-13T15:41:49.000+0000
Status:
Open
Fix version(s):
    Reporter:
    Jordi (jsmolina)
    Assignee:
    Matthew Weier O'Phinney (matthew)
    Tags:
    • Zend_Controller
    Related issues:
    Attachments:

    Description

    this function only supports use of $_SERVER['HTTPS'], but not supporting 'X-Forwarded-Proto' header.

    
public function getScheme()
{
       return ($this->getServer('HTTPS') == 'on') ? self::SCHEME_HTTPS : self::SCHEME_HTTP;
}

    The support of this header is easy and straight-forward:

    
public function getScheme()
{
    if ($this->getServer('HTTPS') == 'on' || 
        $this->getServer('HTTP_X_FORWARDED_PROTO') == 'https') {
        return self::SCHEME_HTTPS ;
    } else {        
        return self::SCHEME_HTTP;
    }
}

    Comments

    Posted by Marco Brinkmann (marco.brinkmann) on 2011-07-22T10:18:05.000+0000

    Same here, can't detect SSL behind a load balancer. The LB does SSL termination and provides only HTTP_X_FORWARDED_PROTO.

    Posted by Marco Brinkmann (marco.brinkmann) on 2011-07-22T10:22:25.000+0000

    isSecure() is also affected.

    Posted by Satoru Yoshida (satoruyoshida) on 2011-07-26T14:12:39.000+0000

    Set component and auto-reassign

    Posted by Jordi (jsmolina) on 2012-11-13T15:30:39.000+0000

    No movements since one year ago?

    Posted by Frank Brückner (frosch) on 2012-11-13T15:41:18.000+0000

    Please look here: ZF-5012