ZF-11783: Zend_Amf_Response_Http emits notice when $_SERVER['HTTPS'] not defined

Issue Type:

Bug

Created:

2011-09-30T16:41:21.000+0000

Last Updated:

2011-11-09T17:22:17.000+0000

Status:

Resolved

Fix version(s):

1.11.12 (22/Jun/12)

Reporter:

David Reade (randomreado)

Assignee:

Adam Lundrigan (adamlundrigan)

Tags:

Zend_Amf
zf-caretaker-adamlundrigan

Related issues:

Attachments:

Description

Just upgraded from Zend AMF 1.11.10 to 1.11.11 and tried running my Flex application. It failed and the following error was generated:

Undefined index: HTTPS

0 include() called at [/RCMS/Kernel/Bootstrap.php:16]

1 errorHandler(8, Undefined index: HTTPS, /Zend/Amf/Response/Http.php, 59, Array()) called at [/Zend/Amf/Response/Http.php:59]

2 Zend_Amf_Response_Http->isIeOverSsl() called at [/Zend/Amf/Response/Http.php:44]

3 Zend_Amf_Response_Http->getResponse() called at [/Zend/Amf/Response.php:147]

4 Zend_Amf_Response->__toString() called at [/DesktopAMF.php:58]

========

Line 59 of Http.php reads:

$ssl = $_SERVER['HTTPS'];

Changing it to the following code resolves the issue:

$ssl = isset($_SERVER['HTTPS']);

Comments

Posted by Adam Lundrigan (adamlundrigan) on 2011-10-24T01:11:16.000+0000

Fixed in trunk r24523 r24524. Merged to release-1.11 in r24525.

Posted by Jani Mikkonen (janisto) on 2011-11-09T10:43:44.000+0000

I think it would be better to check it like this:


$ssl = false;
if ( isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on' || $_SERVER['HTTPS'] == 1)
  || isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $ssl = true;
}

Posted by Adam Lundrigan (adamlundrigan) on 2011-11-09T17:22:17.000+0000

There has been discussion about HTTP_X_FORWARDED_PROTO in the past (see ZF-5012) and it was agreed then that we shouldn't rely on it.