[MediaWiki-commits] [Gerrit] Tweak OAuth lib to respect x-forwarded-proto - change (wikimedia...crm)
Ejegg has uploaded a new change for review. https://gerrit.wikimedia.org/r/168303 Change subject: Tweak OAuth lib to respect x-forwarded-proto .. Tweak OAuth lib to respect x-forwarded-proto Dash's OAuth token requests are signed with an https url, but when Drupal get them it tries to verify the signature with an http url because nginx is doing the SSL termination. This patch makes Drupal verify with an https url if x-forwarded-proto is https. Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897 --- M sites/all/modules/contrib/oauth/lib/OAuth.php 1 file changed, 4 insertions(+), 3 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/wikimedia/fundraising/crm refs/changes/03/168303/1 diff --git a/sites/all/modules/contrib/oauth/lib/OAuth.php b/sites/all/modules/contrib/oauth/lib/OAuth.php index 00ea0d5..2341ed7 100644 --- a/sites/all/modules/contrib/oauth/lib/OAuth.php +++ b/sites/all/modules/contrib/oauth/lib/OAuth.php @@ -265,9 +265,10 @@ * attempt to build up a request from what was passed to the server */ public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) { -$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != on) - ? 'http' - : 'https'; +$local_https = isset($_SERVER['HTTPS']) $_SERVER['HTTPS'] == 'on'; +$forwarded_https = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; +$scheme = ($local_https || $forwarded_https) ? 'https' : 'http'; + $http_url = ($http_url) ? $http_url : $scheme . '://' . $_SERVER['SERVER_NAME'] . ':' . -- To view, visit https://gerrit.wikimedia.org/r/168303 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897 Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/fundraising/crm Gerrit-Branch: master Gerrit-Owner: Ejegg eeggles...@wikimedia.org ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] Tweak OAuth lib to respect x-forwarded-proto - change (wikimedia...crm)
Katie Horn has submitted this change and it was merged. Change subject: Tweak OAuth lib to respect x-forwarded-proto .. Tweak OAuth lib to respect x-forwarded-proto Dash's OAuth token requests are signed with an https url, but when Drupal get them it tries to verify the signature with an http url because nginx is doing the SSL termination. This patch makes Drupal verify with an https url if x-forwarded-proto is https. Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897 --- M sites/all/modules/contrib/oauth/lib/OAuth.php 1 file changed, 4 insertions(+), 3 deletions(-) Approvals: Katie Horn: Looks good to me, approved diff --git a/sites/all/modules/contrib/oauth/lib/OAuth.php b/sites/all/modules/contrib/oauth/lib/OAuth.php index 00ea0d5..2341ed7 100644 --- a/sites/all/modules/contrib/oauth/lib/OAuth.php +++ b/sites/all/modules/contrib/oauth/lib/OAuth.php @@ -265,9 +265,10 @@ * attempt to build up a request from what was passed to the server */ public static function from_request($http_method=NULL, $http_url=NULL, $parameters=NULL) { -$scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != on) - ? 'http' - : 'https'; +$local_https = isset($_SERVER['HTTPS']) $_SERVER['HTTPS'] == 'on'; +$forwarded_https = isset($_SERVER['HTTP_X_FORWARDED_PROTO']) $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; +$scheme = ($local_https || $forwarded_https) ? 'https' : 'http'; + $http_url = ($http_url) ? $http_url : $scheme . '://' . $_SERVER['SERVER_NAME'] . ':' . -- To view, visit https://gerrit.wikimedia.org/r/168303 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I6fd058ff8122ced25eb6aa6c0a03d020c78bf897 Gerrit-PatchSet: 1 Gerrit-Project: wikimedia/fundraising/crm Gerrit-Branch: master Gerrit-Owner: Ejegg eeggles...@wikimedia.org Gerrit-Reviewer: Awight awi...@wikimedia.org Gerrit-Reviewer: Katie Horn kh...@wikimedia.org Gerrit-Reviewer: jenkins-bot ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits