AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP

This commit is contained in:
johnnyq 2023-09-21 12:00:46 -04:00
parent 82893c8c72
commit 0bc10a30e8
1 changed files with 1 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
login.php
View File

@ -11,12 +11,11 @@ if (!file_exists('config.php')) {
require_once("config.php");
// Check if the application is configured for HTTPS-only access
if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')) {
if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https')) {
echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet.";
exit;
}
require_once("functions.php");
require_once("rfc6238.php");