Fix bug HTTPS detection (issue with IIS)

2014-09-08 16:49:54 +02:00 · 2014-09-08 16:49:54 +02:00 · bc0fa40b24
parent 532ea3b868
commit bc0fa40b24
5 changed files with 29 additions and 5 deletions
--- a/app/Auth/RememberMe.php
+++ b/app/Auth/RememberMe.php
@ -3,6 +3,7 @@
 namespace Auth;

 use Core\Security;
+use Core\Tool;

 /**
 * RememberMe model
@ -309,7 +310,7 @@ class RememberMe extends Base
            $expiration,
            BASE_URL_DIRECTORY,
            null,
-            ! empty($_SERVER['HTTPS']),
+            Tool::isHTTPS(),
            true
        );
    }
@ -342,7 +343,7 @@ class RememberMe extends Base
            time() - 3600,
            BASE_URL_DIRECTORY,
            null,
-            ! empty($_SERVER['HTTPS']),
+            Tool::isHTTPS(),
            true
        );
    }
--- a/app/Core/Response.php
+++ b/app/Core/Response.php
@ -246,7 +246,7 @@ class Response
     */
    public function hsts()
    {
-        if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+        if (Tool::isHTTPS()) {
            header('Strict-Transport-Security: max-age=31536000');
        }
    }
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@ -35,7 +35,7 @@ class Session
            self::SESSION_LIFETIME,
            $base_path ?: '/',
            null,
-            ! empty($_SERVER['HTTPS']),
+            Tool::isHTTPS(),
            true
        );

--- a/app/Core/Tool.php
+++ b/app/Core/Tool.php
@ -32,6 +32,15 @@ class Tool
        }
    }

+    /**
+     * Load and register a model
+     *
+     * @static
+     * @access public
+     * @param  Core\Registry    $registry    DPI container
+     * @param  string           $name        Model name
+     * @return mixed
+     */
    public static function loadModel(Registry $registry, $name)
    {
        if (! isset($registry->$name)) {
@ -41,4 +50,18 @@ class Tool

        return $registry->shared($name);
    }
+
+    /**
+     * Check if the page is requested through HTTPS
+     *
+     * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
+     *
+     * @static
+     * @access public
+     * @return boolean
+     */
+    public static function isHTTPS()
+    {
+        return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
+    }
 }
--- a/app/helpers.php
+++ b/app/helpers.php
@ -65,7 +65,7 @@ function markdown($text)

 function get_current_base_url()
 {
-    $url = isset($_SERVER['HTTPS']) ? 'https://' : 'http://';
+    $url = \Core\Tool::isHTTPS() ? 'https://' : 'http://';
    $url .= $_SERVER['SERVER_NAME'];
    $url .= $_SERVER['SERVER_PORT'] == 80 || $_SERVER['SERVER_PORT'] == 443 ? '' : ':'.$_SERVER['SERVER_PORT'];
    $url .= dirname($_SERVER['PHP_SELF']) !== '/' ? dirname($_SERVER['PHP_SELF']).'/' : '/';