Bug Report #4135

Request protocol not correctly being set to https

Added by Martin Ledgard over 3 years ago. Updated over 3 years ago.

Status:ClosedStart date:07/26/2011
Priority:NormalDue date:07/26/2011
Assignee:Sam de Freyssinet% Done:

100%

Category:Core
Target version:v3.2.1
Resolution:fixed Points:1

Description

The protocol property of the request gets set to $_SERVER['SERVER_PROTOCOL'] but is not updated if $_SERVER['HTTPS'] is set.

I'm not sure if this is a bug or an apache config mistake on my end.
All I know is that the protocol is being set to HTTP/1.1 when I make an https request.

Using redirect with reverse routing then forces the links to HTTP as redirect() calls URL::site() with the protocol parameter set to true.


Related issues

Duplicated by Kohana v3.x - Bug Report #4306: URL::base() fails to account for HTTPS under certain situ... Closed 10/11/2011
Duplicated by Kohana v3.x - Bug Report #4288: Redirect on HTTPS site does not function properly in 3.2.0 Closed 09/29/2011
Duplicated by Kohana v3.x - Bug Report #4468: URL::base() does not respect Request::$_secure Closed 03/06/2012
Duplicated by Kohana v3.x - Bug Report #4557: URL::base() not working with HTTPS Closed 06/22/2012

Associated revisions

Revision 41cb72f6
Added by Sam de Freyssinet over 3 years ago

Fixes #4135, Request::redirect() now correctly respects the protocol if the request is secure

Revision 9859bc68
Added by Sam de Freyssinet over 3 years ago

Refs #4135, Updated Request::redirect() and URL::base() to handle HTTPS connection detection correctly

History

#1 Updated by Martin Ledgard over 3 years ago

I've just checked 3.0 and 3.1 and noticed that 3.2 has changed how it assigns the protocol.
Previously $_SERVER['HTTPS'] was used where as you now rely on $_SERVER['SERVER_PROTOCOL'] :-(

#2 Updated by Sam de Freyssinet over 3 years ago

  • Status changed from New to Assigned
  • Assignee set to Sam de Freyssinet

So there is two parts to this ticket. The first is invalid, the second is not.

With regards to protocol, an HTTPS connection is using the HTTP/1.1 protocol over a Transport Layer Security protected socket. So the fact that protocol is `http/1.1` is valid and correct. If you wish to detect whether a request is secure or not, use Request::secure() instead.

It sounds like the Request::redirect() may need some attention, I will investigate further.

#3 Updated by Martin Ledgard over 3 years ago

Thanks Sam, I think the problem is in URL::base() as it should probably check the secure property of the request when determining the protocol to use, see line 48.

#4 Updated by Sam de Freyssinet over 3 years ago

I've provided a fix, but not entirely convinced it's going to suite all needs, as it forces an HTTPS connection to redirect to another HTTPS URL. I agree, the problem is in URL::base() rather than Request::redirect(), I will apply a better fix there.

#5 Updated by Sam de Freyssinet over 3 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 0 to 100

Applied in changeset commit:41cb72f61f5c2db76a780467ad383c1033dd0b70.

#6 Updated by Sam de Freyssinet over 3 years ago

  • Due date set to 07/26/2011
  • Estimated time set to 0.25
  • Resolution set to fixed

#7 Updated by Sam de Freyssinet over 3 years ago

  • Estimated time changed from 0.25 to 1.00

That's one point... not one hour!

#8 Updated by Isaiah DeRose-Wilson over 3 years ago

  • Estimated time deleted (1.00)
  • Points set to 1

Also available in: Atom PDF