Requirement:
1: "REQUIRE HTTPS ON CREDENTIAL PAGES" should be enabled
2: Forwarded https (webservers not terminating https).
The notice I see on https (forwarded):
You are accessing SITE X using an unencrypted connection. For your security, SITE X only supports account logins using a secure protocol such as HTTPS. You can switch to HTTPS by trying to view this page again after changing the URL in your browser's location bar to begin with "https" instead of "http". Please contact mail@mail.mail for help if this error continues.
In ldap.module line 747
@$_SERVER['HTTPS'] != 'on'
I think this should be replaced by something that also tests the forwarded proto?
Something like
@$_SERVER['HTTPS'] != 'on' || $_SERVER[$settings['reverse_proxy_proto_header']] == 'https'
?
Only I'm not sure if the "$settings" there is the way to go.
If someone could advise me on the right way, I will test this and make a patch.
What I see in my _SERVER variable:
_SERVER["HTTP_X_FORWARDED_PROTO"] : "https"
Comment | File | Size | Author |
---|---|---|---|
#4 | forwarded-https-2841404-4.patch | 733 bytes | wouters_f |
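The check this issue asks for, written out as an added PHP example; it is not code from the LDAP module or from the attached patch. The function name `is_request_secure()`, the `$trustedProxies` list and the sample addresses are assumptions made for illustration. The point it shows is that a forwarded-protocol header should only count when the request really arrived from the reverse proxy, since any client can send that header itself.

```php
<?php
// Added example; is_request_secure() and $trustedProxies are hypothetical names.

/**
 * Decide whether the client connection was HTTPS, honouring the forwarded
 * protocol header only when the direct peer is a known reverse proxy.
 */
function is_request_secure(
    array $server,
    array $trustedProxies,
    string $protoHeader = 'HTTP_X_FORWARDED_PROTO'
): bool {
    // Case 1: TLS is terminated on this web server itself.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https !== '' && $https !== 'off') {
        return true;
    }

    // Case 2: TLS is terminated upstream. The header is client-controllable
    // unless the request came through our proxy, so check the peer first.
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }

    $forwarded = strtolower(trim((string) ($server[$protoHeader] ?? '')));
    return $forwarded === 'https';
}

// Constructed sample requests (addresses from documentation ranges).
$proxies = ['192.0.2.10'];
$samples = [
    'direct https'      => ['HTTPS' => 'on', 'REMOTE_ADDR' => '198.51.100.7'],
    'via trusted proxy' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'spoofed header'    => ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'proxy, plain http' => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'http'],
];

foreach ($samples as $label => $server) {
    $result = is_request_secure($server, $proxies) ? 'secure' : 'NOT secure';
    printf("%-18s => %s\n", $label, $result);
}
```

The "require HTTPS" notice would be shown only when this function returns false; the spoofed-header sample is the case a bare check of the forwarded header gets wrong.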
Comments
Comment #2
wouters_f commented
Temporary workaround: Disable "REQUIRE HTTPS ON CREDENTIAL PAGES".
Comment #3
wouters_f commented
Comment #4
wouters_f (as a volunteer) commented
ok. don't use
use
Comment #6
grahl
Great fix, thanks! Just note that Request should be called with the global namespace \Drupal.