[ltb-dev] [LDAP Tool Box - Bug #799] (Closed) sendtoken behind a proxy need HTTP_X_FORWARDED_PROTO

noreply at lsc-project.org noreply at lsc-project.org
Mon Aug 29 17:06:00 CEST 2016


Issue #799 has been updated by Clément OUDOT.

Status changed from Assigned to Closed
Target version changed from self-service-password-? to self-service-password-1.0

See https://github.com/ltb-project/self-service-password/issues/10
----------------------------------------
Bug #799: sendtoken behind a proxy need HTTP_X_FORWARDED_PROTO
http://tools.lsc-project.org/issues/799

Author: Christian Iuga
Status: Closed
Priority: Normal
Assigned to: Clément OUDOT
Category: Self Service Password
Target version: self-service-password-1.0


Hi,

We use the ssp behing a proxy

The url used for customer is 
https://RP_servename/ssp/index.php

this page is forward from our ReverseProxy to the http server without ssl :
http://servename/ssp/index.php

It's work correctly for all page expected the forgot password : 
   It's create the link url via sendtoken.php but this page don't use the HTTP_X_FORWARDED_PROTO

Please find a simple patch to correct this behaviour


--- /admin/ltb-ssp/pages/sendtoken.php.old	2015-10-12 11:00:01.000000000 +0200
+++ /admin/ltb-ssp/pages/sendtoken.php	2015-10-12 10:49:34.000000000 +0200
@@ -161,6 +161,8 @@
     $server_name = $_SERVER['SERVER_NAME'];
     $server_port = $_SERVER['SERVER_PORT'];
     $script_name = $_SERVER['SCRIPT_NAME'];
+    if ( !empty($_SERVER['HTTP_X_FORWARDED_PROTO']) ) { $method = $_SERVER['HTTP_X_FORWARDED_PROTO']; }
+    if ( !empty($_SERVER['HTTP_X_FORWARDED_PORT']) ) { $server_port = $_SERVER['HTTP_X_FORWARDED_PORT']; }
 
     # Force server port if non standard port
     if (   ( $method === "http"  and $server_port != "80"  )









-- 
You have received this notification because you have either subscribed to it, or are involved in it.
To change your notification preferences, please click here: http://tools.lsc-project.org/my/account
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ltb-project.org/pipermail/ltb-dev/attachments/20160829/01ead317/attachment.htm>


More information about the ltb-dev mailing list