Bug Report #4135
Request protocol not correctly being set to https
|Assignee:||Sam de Freyssinet||% Done:|
The protocol property of the request gets set to $_SERVER['SERVER_PROTOCOL'] but is not updated if $_SERVER['HTTPS'] is set.
I'm not sure if this is a bug or an apache config mistake on my end.
All I know is that the protocol is being set to HTTP/1.1 when I make an https request.
Using redirect with reverse routing then forces the links to HTTP as redirect() calls URL::site() with the protocol parameter set to true.
Fixes #4135, Request::redirect() now correctly respects the protocol if the request is secure
#2 Updated by Sam de Freyssinet about 3 years ago
- Status changed from New to Assigned
- Assignee set to Sam de Freyssinet
So there is two parts to this ticket. The first is invalid, the second is not.
With regards to protocol, an HTTPS connection is using the HTTP/1.1 protocol over a Transport Layer Security protected socket. So the fact that protocol is `http/1.1` is valid and correct. If you wish to detect whether a request is secure or not, use
It sounds like the
Request::redirect() may need some attention, I will investigate further.
#4 Updated by Sam de Freyssinet about 3 years ago
I've provided a fix, but not entirely convinced it's going to suite all needs, as it forces an HTTPS connection to redirect to another HTTPS URL. I agree, the problem is in
URL::base() rather than
Request::redirect(), I will apply a better fix there.