AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-09 15:24:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix issue with login being restricted if HTTPS_ONLY is True and SSL is terminated at a proxy and then forwarded to ITFlow App as HTTP

Browse Source
This commit is contained in:
johnnyq
2023-09-21 12:00:46 -04:00
parent 82893c8c72
commit 0bc10a30e8
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
login.php
View File

@@ -11,12 +11,11 @@ if (!file_exists('config.php')) {
require_once("config.php"); require_once("config.php");
// Check if the application is configured for HTTPS-only access // Check if the application is configured for HTTPS-only access
if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on')) { if ($config_https_only && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') && (!isset($_SERVER['HTTP_X_FORWARDED_PROTO']) || $_SERVER['HTTP_X_FORWARDED_PROTO'] !== 'https')) {
echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet."; echo "Login is restricted as ITFlow defaults to HTTPS-only for enhanced security. To login using HTTP, modify the config.php file by setting config_https_only to false. However, this is strongly discouraged, especially when accessing from potentially unsafe networks like the internet.";
exit; exit;
} }
require_once("functions.php"); require_once("functions.php");
require_once("rfc6238.php"); require_once("rfc6238.php");