Support of error pages behind a load balancer that serves HTTPS #18333
Conversation
…ccesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS
|
stefank seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. |
pub/errors/processor.php
Outdated
| @@ -265,7 +265,8 @@ public function getHostUrl() | |||
| $host = 'localhost'; | |||
| } | |||
|
|
|||
| $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off'); | |||
| // HTTP_X_FORWARDED_PROTO to check whether a webserver using HTTP is behind a load balancer serving HTTPS | |||
There was a problem hiding this comment.
I think comment is not needed there, it's pretty obvious for what this header is needed.
pub/errors/processor.php
Outdated
| @@ -265,7 +265,8 @@ public function getHostUrl() | |||
| $host = 'localhost'; | |||
| } | |||
|
|
|||
| $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off'); | |||
| // HTTP_X_FORWARDED_PROTO to check whether a webserver using HTTP is behind a load balancer serving HTTPS | |||
| $isSecure = (!empty($_SERVER['HTTPS'])) && ($_SERVER['HTTPS'] != 'off') || $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https'; | |||
There was a problem hiding this comment.
Please add checking that $_SERVER['HTTP_X_FORWARDED_PROTO'] exists, otherwise we'll have notice there
|
Hi @stkams, Could you sign CLA? In case if you already signed CLA, but commit was done from your another email - please add this email to your github account and sign CLI. Unfortunately we can't accept PRs from people who didn't signed CLA. |
…ccesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS
…ccesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS
|
Thanks for the review. All done |
|
Hi @stkams, |
|
Yes, I had signed the CLA using my hotmail email address but there seem to be several ways so I did it again following above link |
|
Hi @stkams your commits contains email no in Hotmail. Please add that email as secondary in your github account |
Use strict comparison
|
Hi @ihor-sviziev, thank you for the review. |
|
Hi @stkams. Thank you for your contribution. |
Support of error pages behind a load balancer that serves HTTPS but accesses the webserver on HTTP. Without this css is loaded on HTTP from a document loaded over HTTPS
Description
If you run magento on webservers serving on HTTP while the loadbalancer serves on HTTPS then base is set to a URL using HTTP which the page is HTTPS. The css is then blocked by browsers.
Fixed Issues (if relevant)
Manual testing scenarios
Contribution checklist