enhanced handling of proxied requests

2021-09-17 13:12:13 +00:00 · 2021-09-17 13:12:13 +00:00 · 25091294cc
commit 25091294cc
parent 36e6a97eb1
2 changed files with 37 additions and 32 deletions
--- a/codepot/src/codepot/config/config.php
+++ b/codepot/src/codepot/config/config.php
@ -12,38 +12,7 @@
 |
 */
 /*$config['base_url']	= "http://example.com"*/
-//$config['base_url'] = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')? 'https': 'http';
-if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']))
-{
-	/* set to https if the first X-Forwarded-Proto is https */
-	if (array_search ("https", array_map ('strtolower', preg_split("/[\s,]+/", $_SERVER['HTTP_X_FORWARDED_PROTO']))) === 0)
-	{
-		$config['base_url'] = 'https';
-		$_SERVER['REQUEST_PROTOCOL'] = 'https';
-	}
-	else
-	{
-		$config['base_url'] = 'http';
-		$_SERVER['REQUEST_PROTOCOL'] = 'http';
-	}
-}
-else if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
-{
-	$config['base_url'] = 'https';
-	$_SERVER['REQUEST_PROTOCOL'] = 'https';
-}
-else
-{
-	$config['base_url'] = 'http';
-	$_SERVER['REQUEST_PROTOCOL'] = 'http';
-}
-
-if (array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_HOST'] != '')
-{
-        $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
-}
-
-$config['base_url'] .= "://{$_SERVER['HTTP_HOST']}";
+$config['base_url'] = "{$_SERVER['REQUEST_PROTOCOL']}://{$_SERVER['HTTP_HOST']}";
 $config['base_url'] .= preg_replace('@/+$@','',dirname($_SERVER['SCRIPT_NAME'])).'/';

 /*
--- a/codepot/src/index.php
+++ b/codepot/src/index.php
@ -84,6 +84,42 @@ define('FCPATH', str_replace(SELF, '', __FILE__));
 define('BASEPATH', $system_folder.'/');
 define('APPPATH', $application_folder.'/');

+/*
+|---------------------------------------------------------------
+| UPDATING $_SERVER
+|---------------------------------------------------------------
+*/ 
+if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']))
+{
+	// set to https if the first X-Forwarded-Proto is https
+	if (array_search ("https", array_map ('strtolower', preg_split("/[\s,]+/", $_SERVER['HTTP_X_FORWARDED_PROTO']))) === 0)
+	{
+		$_SERVER['REQUEST_PROTOCOL'] = 'https';
+	}
+	else
+	{
+		$_SERVER['REQUEST_PROTOCOL'] = 'http';
+	}
+}
+else if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on')
+{
+	$_SERVER['REQUEST_PROTOCOL'] = 'https';
+}
+else
+{
+	$_SERVER['REQUEST_PROTOCOL'] = 'http';
+}
+
+if (array_key_exists('HTTP_X_FORWARDED_HOST', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_HOST'] != '')
+{
+	$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
+}
+
+if (array_key_exists('HTTP_X_FORWARDED_SERVER', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_SERVER'] != '')
+{
+	$_SERVER['SERVER_NAME'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
+}
+
 /*
 |---------------------------------------------------------------
 | COMPULSORY HTTPS