shapeshifter

Reputation: 2967

Silex redirects adding port 80 to location

I have an app using Silex with a security firewall. When I load my app at https://app.com/web and I'm not already authenticated, I get redirected to https://app.com:80/web/user/login_check

This produces an SSL error, as I am trying to make an SSL connection on a non-SSL port.

My firewall config looks like this:

$app['security.firewalls'] = array(
    'login' => array(
        'pattern' => '^/user/login$',
    ),
    'admin' => array(
        'pattern' => '^.*$',
        'form' => array('login_path' => '/user/login', 'check_path' => '/user/login_check'),
        'logout' => array('logout_path' => '/user/logout'),
        'users' => array(
            // raw password is demo
            'test' => array('ROLE_ADMIN', 'qldD7MO0Ol7e2LijC1qdNxQJpkIdHQLPjHUM0rN/N6AjEHqGzZFsYPh94R/AeFrM8aEt9Y6L$
        ),
    ),
);

I know I can access https://app.com/web/index.php without the port being added, so it's not my web server. It's when I get redirected to the /user/login page.

I read that Symfony doesn't use the port in the URL but the one defined in $_SERVER['SERVER_PORT']. Setting

$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;

doesn't help me.

The initial request that redirects returns this in its headers:

Request URL: https://app.com/web/
Request Method: GET
Status Code: 302 Found
location: https://app.com:80/web/user/login

Does anybody know how to stop Silex's redirection adding port 80 to the location?

Edit: I should have mentioned this is running on Red Hat's OpenShift cloud infrastructure.

Upvotes: 0

Views: 1305

Answers (1)

MDrollette

Reputation: 6927

In theory you should be able to solve this by setting the "trusted proxies" on the request, as described here: http://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4

I've had this problem when using CloudFlare, though, which has hundreds of IPs, so it is impractical to list them all as "trusted". This is the simplest way I've been able to solve the problem. I put this at the top of the bootstrap file before the autoloader:

// Fix IP for cloudflare
if (isset($_SERVER['HTTP_CF_CONNECTING_IP'])) {
    $_SERVER['HTTP_X_FORWARDED_FOR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
    $_SERVER['HTTP_CLIENT_IP'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
    $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_CF_CONNECTING_IP'];
}

// Fix SSL for cloudflare
if (isset($_SERVER['HTTP_CF_VISITOR'])) {
    if (preg_match('/https/i', $_SERVER['HTTP_CF_VISITOR'])) {
        $_SERVER['HTTPS'] = 'On';
        $_SERVER['HTTP_X_FORWARDED_PORT'] = 443;
        $_SERVER['SERVER_PORT'] = 443;
    }
}

Upvotes: 3
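
The snippet in the answer above applies the CF-* headers to every request, so they are only as trustworthy as the path the request took to reach PHP. As an added example (not MDrollette's code), here is the same rewrite gated on the connecting address being inside a trusted proxy range, which is the check "trusted proxies" exists to make. The function names and the CIDR values are assumptions; the ranges are placeholders from the documentation address space.

```php
<?php
// Added example, not the answer's code. Requires PHP 7.4+.
// Placeholder ranges (documentation address space); use your proxy's published ranges.
const TRUSTED_PROXY_CIDRS = ['203.0.113.0/24', '2001:db8::/32'];

// True when $ip lies inside $cidr; works for IPv4 and IPv6.
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$subnet, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin = @inet_pton($ip);
    $netBin = @inet_pton($subnet);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable input or mixed address families
    }
    $max = strlen($ipBin) * 8;
    // A non-numeric prefix length is rejected rather than silently read as /0.
    $bits = $bits === null ? $max : (ctype_digit($bits) ? (int) $bits : -1);
    if ($bits < 0 || $bits > $max) {
        return false;
    }
    $bytes = intdiv($bits, 8);
    $mask = (0xFF << (8 - $bits % 8)) & 0xFF; // partial-byte mask; 0 on a byte boundary
    return substr($ipBin, 0, $bytes) === substr($netBin, 0, $bytes)
        && ($mask === 0 || (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask));
}

// Returns $server with the proxy's headers applied only if the TCP peer is trusted.
function apply_proxy_headers(array $server, array $trustedCidrs): array
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!array_filter($trustedCidrs, fn($cidr) => ip_in_cidr($peer, $cidr))) {
        return $server; // direct connection: the CF-* headers are client-controlled
    }
    $clientIp = $server['HTTP_CF_CONNECTING_IP'] ?? '';
    if (filter_var($clientIp, FILTER_VALIDATE_IP) !== false) {
        $server['REMOTE_ADDR'] = $clientIp;
    }
    // CF-Visitor carries JSON such as {"scheme":"https"}.
    $visitor = json_decode($server['HTTP_CF_VISITOR'] ?? '', true);
    if (is_array($visitor) && ($visitor['scheme'] ?? '') === 'https') {
        $server['HTTPS'] = 'on';
        $server['SERVER_PORT'] = 443;
    }
    return $server;
}

$_SERVER = apply_proxy_headers($_SERVER, TRUSTED_PROXY_CIDRS);
```

Like the answer's snippet, this belongs at the top of the bootstrap file, before the framework builds its Request from `$_SERVER`.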
