Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption.
If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the HTTP_X_FORWARDED_SSL header to 'on', SSL encryption is assumed.
parent
fa88250f0e
commit
665dbc2690
@ -16,7 +16,19 @@ printf('<h3 class="title">%s %s</h3>',_('Authenticate to server'),$app['server']
|
|||||||
echo '<br />';
|
echo '<br />';
|
||||||
|
|
||||||
# Check for a secure connection
|
# Check for a secure connection
|
||||||
if (! isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
|
$isHTTPS = false;
|
||||||
|
|
||||||
|
# Check if the current connection is encrypted
|
||||||
|
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
|
||||||
|
$isHTTPS = true;
|
||||||
|
}
|
||||||
|
# Check if a proxy server downstream does encryption for us
|
||||||
|
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && strtolower($_SERVER['HTTP_X_FORWARDED_SSL'])
|
||||||
|
== 'on') {
|
||||||
|
$isHTTPS = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!$isHTTPS) {
|
||||||
echo '<div style="text-align: center; color:red">';
|
echo '<div style="text-align: center; color:red">';
|
||||||
printf('<acronym title="%s"><b>%s: %s.</b></acronym>',
|
printf('<acronym title="%s"><b>%s: %s.</b></acronym>',
|
||||||
_('You are not using \'https\'. Web browser will transmit login information in clear text.'),
|
_('You are not using \'https\'. Web browser will transmit login information in clear text.'),
|
||||||
@ -25,6 +37,7 @@ if (! isset($_SERVER['HTTPS']) || strtolower($_SERVER['HTTPS']) != 'on') {
|
|||||||
|
|
||||||
echo '<br />';
|
echo '<br />';
|
||||||
}
|
}
|
||||||
|
unset($isSecure);
|
||||||
|
|
||||||
# HTTP Basic Auth Form.
|
# HTTP Basic Auth Form.
|
||||||
if ($app['server']->getAuthType() == 'http') {
|
if ($app['server']->getAuthType() == 'http') {
|
||||||
|
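Review bot: The proxy branch (`elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) ... == 'on') {`) assigns `$isHTTPS = false;`, so a request that came through a TLS-terminating proxy still gets the clear-text warning; it should read `$isHTTPS = true;`. In the second hunk, `unset($isSecure);` names a variable that is not assigned anywhere in the visible lines, so `$isHTTPS` stays in scope; `unset($isHTTPS);` looks like what was intended. Both forwarded values arrive as ordinary request headers, so they are only trustworthy when the proxy strips or overwrites them and the application cannot be reached around it; otherwise a plain-HTTP request carrying the header would suppress the warning. Consider honouring them only when `$_SERVER['REMOTE_ADDR']` matches a configured proxy address. The mixed `&&`/`||` condition evaluates as written because `&&` binds tighter, but parenthesising each header pair would make that explicit.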