ZF-11783: Zend_Amf_Response_Http emits notice when $_SERVER['HTTPS'] not defined


Just upgraded from Zend AMF 1.11.10 to 1.11.11 and tried running my Flex application. It failed and the following error was generated:

Undefined index: HTTPS

0 include() called at [/RCMS/Kernel/Bootstrap.php:16]

1 errorHandler(8, Undefined index: HTTPS, /Zend/Amf/Response/Http.php, 59, Array()) called at [/Zend/Amf/Response/Http.php:59]

2 Zend_Amf_Response_Http->isIeOverSsl() called at [/Zend/Amf/Response/Http.php:44]

3 Zend_Amf_Response_Http->getResponse() called at [/Zend/Amf/Response.php:147]

4 Zend_Amf_Response->__toString() called at [/DesktopAMF.php:58]


Line 59 of Http.php reads:

$ssl = $_SERVER['HTTPS'];

Changing it to the following code resolves the issue:

$ssl = isset($_SERVER['HTTPS']);


Fixed in trunk r24523 r24524. Merged to release-1.11 in r24525.

I think it would be better to check it like this:

$ssl = false;
if ( isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1)
    $ssl = true;

There has been discussion about HTTP_X_FORWARDED_PROTO in the past (see ZF-5012) and it was agreed then that we shouldn't rely on it.