Problem/Motivation
This feature request is to make the kernel capable of rewriting the scheme of the base_url
, when the base_url
has been set in the settings.php file.
This is necessary if a website is behind a crypto off-loader, the base_url
is set and the website can be accessed over both HTTP and HTTPS.
Proposed resolution
My proposed solution is to create a new setting, reverse_proxy_proto_change
, defaulting to FALSE
, which would instruct the kernel to alter the base_url
scheme as needed.
Remaining tasks
I will be writing and submitting the patch shortly.
Comment | File | Size | Author |
---|---|---|---|
#15 | interdiff-13-15.txt | 4.99 KB | t0xicCode |
#15 | make_the_kernel_rewrite-2296555-15.patch | 7.43 KB | t0xicCode |
#1 | make_the_kernel_rewrite-2296555-1.patch | 1.25 KB | t0xicCode |
Comments
Comment #1
t0xicCode CreditAttribution: t0xicCode commentedThe patch allows
initializeRequestGlobals
to rewrite the base_url scheme if necessary to use links with the correct URI.Comment #2
t0xicCode CreditAttribution: t0xicCode commentedComment #3
mgiffordSeems to work nicely when I applied this on SimplyTest.me. Haven't done any further work though.
Comment #4
t0xicCode CreditAttribution: t0xicCode commentedNice with ST.me!
In addition, to exhaustively test the patch, the best way is to setup a local install of d8, install the patch, and configure apache to add the X-Forwarded-Proto with the https value (add
RequestHeader set X-Forwarded-Proto "https"
to the vhost configuration). The$base_url
should be set to an url with the http scheme, andreverse_proxy_proto_change
should be set to TRUE.From there, absolute urls should be constructed with https.
Comment #5
mparker17As instructed:
RequestHeader set X-Forwarded-Proto "https"
in my Apache config,$settings['reverse_proxy_proto_change'] = TRUE;
and$base_url = 'http://test_d8.dev';
insettings.php
, and,https
.Without the patch applied, all absolute links in the source (to stylesheets, etc) started with
http
(i.e.: used the unmodified$base_url
). With the patch applied, all absolute links in the source (to stylesheets, etc) started withhttp
(i.e.: used the modified$base_url
). I'd say this is working as-intended.The code looks good, but is missing tests.
I initially thought it might be really hard to test this because
$base_url
is a global, but there's already a bunch of tests in\Drupal\Tests\Core\Routing\UrlGeneratorTest::testPathBasedURLGeneration()
that test generating URLs with custom$base_url
s.\Drupal\Tests\Core\Site\SettingsTest
may also be useful, as it contains examples of how to set$settings
within a test.Comment #6
t0xicCode CreditAttribution: t0xicCode commentedI've passed some time debugging this in more details, and I noticed that
initializeRequestGlobals
was called too early in the process for the request to be aware of whether it was behind a reverse proxy (or crypto offloader).To fix that, I've moved the relevant code for this issue in the
\Drupal\Core\EventSubscriber\ReverseProxySubscriber
class.I've also added a test suite which should cover this use-case.
Comment #7
mgiffordNo longer applies.
Comment #8
ravi.khetri CreditAttribution: ravi.khetri commentedReRolled.
Comment #10
t0xicCode CreditAttribution: t0xicCode commentedReverseProxySubscriber is no more, as we've moved to stackphp #2303673: Implement stackphp; cleanup handlePageCache() and preHandle().
Comment #11
piyuesh23 CreditAttribution: piyuesh23 commentedTest file has already been updated. Re-queuing it for testing.
Comment #12
mgiffordThe latest patch is still using ReverseProxySubscriber() for tests.
Comment #13
Sharique CreditAttribution: Sharique commentedHere is updated patch.
Comment #15
t0xicCode CreditAttribution: t0xicCode commentedAlso added support for the other X-Forwarded-* headers, as they are needed for correct operation.
Comment #16
mparker17I just did a code review. Seems to conform to Drupal coding standards.
A few things I noticed:
Inconsistent variable type usage (TRUE/FALSE vs 1/0).
"127.0.0.2" seems like a "magic number (constant)". Should it be defined in a constant or variable in the test object?
Probably not a big deal in a test.
... other than those things, it looks fine.
Comment #17
mparker17One more thing to note: if you want code committed to Drupal 8.0.x now that we're in beta, you'll need to fill out a Beta Evaluation to determine if it meets the criteria allowed changes during the Drupal 8 beta phase. If it doesn't apply, you'll have to mark it for Drupal 8.1.x. :S
Comment #18
mparker17Also reading through the core gates to see if this issue passes... a couple of notes:
Documentation gate:
X_FORWARDED_*
headers? If so, please link to it in both the issue summary and in the code so both the core maintainers looking to commit the changes and folks who stumble across the code in the future can read more about what it does / how it works and confirm you wrote code that uses those standards/best-practices.Performance gate: I don't think you need to do anything (doesn't apply).
Accessibility gate: I don't think you need to do anything (doesn't apply).
Usability gate: I don't think you need to do anything (doesn't apply).
Testing gate: I don't think you need to do anything (already done).
Comment #19
t0xicCode CreditAttribution: t0xicCode commentedReviewing this, I believe that the issue can be closed, and all work migrated to #313145: Support X-Forwarded-* HTTP headers alternates.