DRCIT/snipe-it
1
0
Fork 0
mirror of https://github.com/snipe/snipe-it.git synced 2025-01-13 06:47:46 -08:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

Add Reverse Proxy support to Pre-Flight URL check

Browse source 
Before this change, the Pre-Flight URL check would inevitably fail
whenever Snipe-IT was running behind a reverse proxy or load balancer.

The URL check tries to ensure that the configured application URL
matches the URL that is actually used to reach the application. However,
when running behind an HTTP intermediary (like a reverse proxy or a load
balancer) the HTTP connection that Snipe-IT receives is not the _real_
connection from the user anymore, but a connection from the HTTP
intermediary. The scheme, host and port that Snipe-IT would obtain from
that incoming intermediary connection wouldn't match what is configured
as application URL and, therefore, the URL check would fail.

This commit solves the situation by making Snipe-IT's Pre-Flight URL
check aware of the `X-Forwarded-Proto` and `X-Forwarded-Host` HTTP
headers. These headers represent the _de-facto_ standard used by reverse
proxies and other HTTP intermediary components to convey information
about the incoming HTTP connection to the upstream application. Being
the upstream application, Snipe-IT can then make use of this information
to correctly evaluate the validity of the configured application URL.
This commit is contained in:
Manuel Rodríguez Guimeráns 2023-02-27 21:32:47 +01:00
parent 95bd58487a
commit 548ae7ad22
1 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
app/Http/Controllers/SettingsController.php
View file

@ -65,12 +65,22 @@ class SettingsController extends Controller
$start_settings['db_error'] = $e->getMessage();
}
$protocol = array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS']) ? 'https://' : 'http://';
if (array_key_exists("HTTP_X_FORWARDED_PROTO", $_SERVER)) {
$protocol = $_SERVER["HTTP_X_FORWARDED_PROTO"] . "://";
} elseif (array_key_exists('HTTPS', $_SERVER) && ('on' == $_SERVER['HTTPS'])) {
$protocol = "https://";
} else {
$protocol = "http://";
}
$host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null;
$port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null;
if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) {
$host .= ':'.$port;
if (array_key_exists("HTTP_X_FORWARDED_HOST", $_SERVER)) {
$host = $_SERVER["HTTP_X_FORWARDED_HOST"];
} else {
$host = array_key_exists('SERVER_NAME', $_SERVER) ? $_SERVER['SERVER_NAME'] : null;
$port = array_key_exists('SERVER_PORT', $_SERVER) ? $_SERVER['SERVER_PORT'] : null;
if (('http://' === $protocol && '80' != $port) || ('https://' === $protocol && '443' != $port)) {
$host .= ':'.$port;
}
}
$pageURL = $protocol.$host.$_SERVER['REQUEST_URI'];