Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The library generates the url to use when checking the signature by looking at the $_SERVER['HTTPS'] variable.
That's not always correct when a proxy server is in play. We can also use the X-Forwarded-Proto header to determine scheme.
When a drupal site is behind a separate server that does SSL
termination, it can get confused about whether the signed URL
should be https or not. SSL termination or proxy servers add the
X-Forwarded-Proto header to indicate the original request's scheme.
Comment | File | Size | Author |
---|---|---|---|
#2 | oauth-x-forwarded-proto-3015132-1.patch | 1.4 KB | ejegg |
Comments
Comment #2
ejegg CreditAttribution: ejegg as a volunteer commented