Problem/Motivation

When trying to convert a scheme-less URL, pathologic checks for $_SERVER['https'] but there are a lot of case where this value is not reliable (like when Drupal is behind a reverse proxy).

Proposed resolution

Use the isSecure() of the Request object instead.

CommentFileSizeAuthor
#2 pathologic-request-https-3047642-2.patch504 bytesduaelfr

Comments

DuaelFr created an issue. See original summary.

duaelfr’s picture

duaelfr
he/him
Primary language French
Location Montpellier, France
commented
Status: Active » Needs review
StatusFileSize
new pathologic-request-https-3047642-2.patch504 bytes
martinma’s picture

martinma commented
Priority: Normal » Major

had problem with https (server forces https) so its a major bug for me

  • dww committed 7a62206 on 8.x-1.x authored by DuaelFr 
    Issue #3047642 by DuaelFr, dww: Bad https detection
dww’s picture

dww
we/he/they
commented
Status: Needs review » Fixed

Good catch! This is inherently hard to test with automated testing, but this is objectively the right fix. So I committed and pushed to 8.x-1.x.

Thanks!
-Derek

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.