8000 fixed the logic in Request::isSecure() (if the information comes from… · symfony/symfony@6a3ba52 · GitHub
[go: up one dir, main page]
Skip to content

Commit 6a3ba52

Browse files
fabpotfabpot
committed
fixed the logic in Request::isSecure() (if the information comes from a source that we trust, don't check other ones)
1 parent 67e12f3 commit 6a3ba52

File tree

1 file changed

+5
-7
lines changed

1 file changed

+5
-7
lines changed

src/Symfony/Component/HttpFoundation/Request.php

Lines changed: 5 additions & 7 deletions
Original file line numberDi ABFC ff line numberDiff line change
@@ -771,13 +771,11 @@ public function getQueryString()
771771
*/
772772
public function isSecure()
773773
{
774-
return (
775-
(strtolower($this->server->get('HTTPS')) == 'on' || $this->server->get('HTTPS') == 1)
776-
||
777-
(self::$trustProxyData && strtolower($this->headers->get('SSL_HTTPS')) == 'on' || $this->headers->get('SSL_HTTPS') == 1)
778-
||
779-
(self::$trustProxyData && self::$trustedHeaders['client_proto'] && strtolower($this->headers->get(self::$trustedHeaders['client_proto'])) == 'https')
780-
);
774+
if (self::$trustProxyData && self::$trustedHeaders['client_proto'] && $proto = $this->headers->get(self::$trustedHeaders['client_proto'])) {
775+
return in_array(strtolower($proto), array('https', 'on', '1'));
776+
}
777+
778+
return 'on' == strtolower($this->server->get('HTTPS')) || 1 == $this->server->get('HTTPS');
781779
}
782780

783781
/**

0 commit comments

Comments
 (0)
0