From bc0fa40b24f73ccce067f2d23e9aae1335c46694 Mon Sep 17 00:00:00 2001
From: Frédéric Guillot
Date: Mon, 8 Sep 2014 16:49:54 +0200
Subject: Fix bug HTTPS detection (issue with IIS)
---
 app/Core/Response.php | 2 +-
 app/Core/Session.php | 2 +-
 app/Core/Tool.php | 23 +++++++++++++++++++++++
 3 files changed, 25 insertions(+), 2 deletions(-)
(limited to 'app/Core')
diff --git a/app/Core/Response.php b/app/Core/Response.php
index 1ccf9f5e..347cdde7 100644
--- a/app/Core/Response.php
+++ b/app/Core/Response.php
@@ -246,7 +246,7 @@ class Response
 */
 public function hsts()
 {
- if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+ if (Tool::isHTTPS()) {
 header('Strict-Transport-Security: max-age=31536000');
 }
 }
diff --git a/app/Core/Session.php b/app/Core/Session.php
index f072350d..4f44e8e0 100644
--- a/app/Core/Session.php
+++ b/app/Core/Session.php
@@ -35,7 +35,7 @@ class Session
 self::SESSION_LIFETIME,
 $base_path ?: '/',
 null,
- ! empty($_SERVER['HTTPS']),
+ Tool::isHTTPS(),
 true
 );

diff --git a/app/Core/Tool.php b/app/Core/Tool.php
index 85b684e2..e54a0d3b 100644
--- a/app/Core/Tool.php
+++ b/app/Core/Tool.php
@@ -32,6 +32,15 @@ class Tool
 }
 }

+ /**
+ * Load and register a model
+ *
+ * @static
+ * @access public
+ * @param Core\Registry $registry DPI container
+ * @param string $name Model name
+ * @return mixed
+ */
 public static function loadModel(Registry $registry, $name)
 {
 if (! isset($registry->$name)) {
@@ -41,4 +50,18 @@ class Tool

 return $registry->shared($name);
 }
+
+ /**
+ * Check if the page is requested through HTTPS
+ *
+ * Note: IIS return the value 'off' and other web servers an empty value when it's not HTTPS
+ *
+ * @static
+ * @access public
+ * @return boolean
+ */
+ public static function isHTTPS()
+ {
+ return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && $_SERVER['HTTPS'] !== 'off';
+ }
 }
--
cgit v1.2.3
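Review bot: The session cookie's Secure flag (the `Tool::isHTTPS(),` argument here) is now decided only by `$_SERVER['HTTPS']`, so a deployment that terminates TLS at a proxy or load balancer in front of PHP would presumably issue the cookie without Secure even though users browse over HTTPS. The same dependency applies to the `hsts()` hunk in Response.php, where the Strict-Transport-Security header would be skipped. A deployment-level override for installs known to be HTTPS-only is safer than reading a forwarded-protocol request header, which a client can set unless the proxy strips it. At minimum, record the limitation next to the argument, e.g. `// Secure flag follows Tool::isHTTPS(); false behind a TLS-terminating proxy unless the server sets HTTPS`. The enclosing call starts outside this hunk.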
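Review bot: The `!== 'off'` comparison in `isHTTPS()` is case-sensitive, so a server that reports `Off` or `OFF` for a plain-HTTP request would be treated as HTTPS. The session cookie would then carry the Secure flag over HTTP and the browser would not send it back, which shows up as broken logins rather than an obvious error. PHP documents the lowercase value for IIS, so this is defensive, but the check is cheap: `return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== '' && strcasecmp($_SERVER['HTTPS'], 'off') !== 0;`. The docblock could also state that only the `HTTPS` server variable is consulted, since both the cookie flag and the HSTS header now depend on this one function.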