Compare commits

..

5 Commits

Author SHA1 Message Date
osaajani 4fe4d662b7 up dependabot 2023-05-29 21:57:16 +02:00
osaajani 7014f3da68 clean http_pwd forging 2023-05-29 21:53:09 +02:00
Pierre-Lin Bonnemaison 62eb897589
Merge pull request #199 from deajan/make_https_easier
Make HTTPS proxies work
2023-05-29 21:27:16 +02:00
Orsiris de Jong c202806755
Make descartes work with HTTPS proxies 2022-11-04 20:00:27 +01:00
Orsiris de Jong f76977e021
Make sure we allow HTTPS request upgrades when behind https proxy 2022-11-04 19:41:53 +01:00
3 changed files with 24 additions and 14 deletions

View File

@ -3,3 +3,7 @@ RewriteRule ^assets - [L]
RewriteRule ^.well-known - [L] RewriteRule ^.well-known - [L]
RewriteRule ^data/public/ - [L] RewriteRule ^data/public/ - [L]
RewriteRule . index.php RewriteRule . index.php
<IfModule headers_module>
Header always set Content-Security-Policy "upgrade-insecure-requests;"
</ifModule>

6
assets/js/jquery.js vendored

File diff suppressed because one or more lines are too long

View File

@ -5,20 +5,28 @@
* Define Descartes env * Define Descartes env
*/ */
$http_dir_path = '/raspisms'; //Path we need to put after servername in url to access app $http_dir_path = '/raspisms'; //Path we need to put after servername in url to access app
$http_protocol = (isset($_SERVER['HTTPS']) ? 'https' : 'http') . '://'; $https = $_SERVER['HTTPS'] ?? 0;
$http_server_name = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost';
$http_server_port = isset($_SERVER['SERVER_PORT']) ? ($_SERVER['SERVER_PORT'] == 80) ? '' : ':' . $_SERVER['SERVER_PORT'] : '';
$https = $_SERVER['HTTPS'] ?? false;
if ( !isset($_SERVER['SERVER_PORT']) || ($_SERVER['SERVER_PORT'] == 80 && !$https) || ($_SERVER['SERVER_PORT'] == 443 && $https) ) // Check for proxy forward
$forwarded_https = ($_SERVER['HTTP_X_FORWARDED_PROTO'] ?? $_SERVER['HTTP_FORWARDED_PROTO'] ?? NULL) == 'https';
$forwarded_ssl = ($_SERVER['HTTP_X_FORWARDED_SSL'] ?? NULL) == 'on';
$proxy = $forwarded_https || $forwarded_ssl;
$http_protocol = 'http://';
if ($https)
{ {
$http_server_port = ''; $http_protocol = 'https://';
}
else
{
$http_server_port = ':' . $_SERVER['SERVER_PORT'];
} }
$http_server_name = $_SERVER['SERVER_NAME'] ?? 'localhost';
// Check port to only set it if not default port
$port = $_SERVER['SERVER_PORT'] ?? '';
$port = ($port == 80 && !$https) ? '' : $port;
$port = ($port == 443 && $https) ? '' : $port;
$port = $proxy ? '' : $port;
$http_server_port = $port ? ':' . $port : '';
$pwd = substr(__DIR__, 0, strrpos(__DIR__, '/')); $pwd = substr(__DIR__, 0, strrpos(__DIR__, '/'));
$http_pwd = $http_protocol . $http_server_name . $http_server_port . $http_dir_path; $http_pwd = $http_protocol . $http_server_name . $http_server_port . $http_dir_path;