|
14 | 14 | use OCP\IConfig; |
15 | 15 | use OCP\IRequest; |
16 | 16 | use OCP\IRequestId; |
| 17 | +use Psr\Log\LoggerInterface; |
17 | 18 | use Symfony\Component\HttpFoundation\IpUtils; |
18 | 19 |
|
19 | 20 | /** |
@@ -627,36 +628,46 @@ private function isOverwriteCondition(): bool { |
627 | 628 |
|
628 | 629 | /** |
629 | 630 | * Returns the server protocol. It respects one or more reverse proxies servers |
630 | | - * and load balancers |
| 631 | + * and load balancers. Precedence: |
| 632 | + * 1. `overwriteprotocol` config value |
| 633 | + * 2. `X-Forwarded-Proto` header value |
| 634 | + * 3. $_SERVER['HTTPS'] value |
| 635 | + * If an invalid protocol is provided, defaults to http, continues, but logs as an error. |
| 636 | + * |
631 | 637 | * @return string Server protocol (http or https) |
632 | 638 | */ |
633 | 639 | public function getServerProtocol(): string { |
| 640 | + $proto = 'http'; |
| 641 | + |
634 | 642 | if ($this->config->getSystemValueString('overwriteprotocol') !== '' |
635 | | - && $this->isOverwriteCondition()) { |
636 | | - return $this->config->getSystemValueString('overwriteprotocol'); |
637 | | - } |
638 | | - |
639 | | - if ($this->fromTrustedProxy() && isset($this->server['HTTP_X_FORWARDED_PROTO'])) { |
| 643 | + && $this->isOverwriteCondition() |
| 644 | + ) { |
| 645 | + $proto = strtolower($this->config->getSystemValueString('overwriteprotocol')); |
| 646 | + } elseif ($this->fromTrustedProxy() |
| 647 | + && isset($this->server['HTTP_X_FORWARDED_PROTO']) |
| 648 | + ) { |
640 | 649 | if (str_contains($this->server['HTTP_X_FORWARDED_PROTO'], ',')) { |
641 | 650 | $parts = explode(',', $this->server['HTTP_X_FORWARDED_PROTO']); |
642 | 651 | $proto = strtolower(trim($parts[0])); |
643 | 652 | } else { |
644 | 653 | $proto = strtolower($this->server['HTTP_X_FORWARDED_PROTO']); |
645 | 654 | } |
646 | | - |
647 | | - // Verify that the protocol is always HTTP or HTTPS |
648 | | - // default to http if an invalid value is provided |
649 | | - return $proto === 'https' ? 'https' : 'http'; |
650 | | - } |
651 | | - |
652 | | - if (isset($this->server['HTTPS']) |
653 | | - && $this->server['HTTPS'] !== null |
| 655 | + } elseif (!empty($this->server['HTTPS']) |
654 | 656 | && $this->server['HTTPS'] !== 'off' |
655 | | - && $this->server['HTTPS'] !== '') { |
656 | | - return 'https'; |
| 657 | + ) { |
| 658 | + $proto = 'https'; |
657 | 659 | } |
658 | 660 |
|
659 | | - return 'http'; |
| 661 | + if ($proto !== 'https' && $proto !== 'http') { |
| 662 | + // log unrecognized value so admin has a chance to fix it |
| 663 | + \OC::$server->get(LoggerInterface::class)->critical( |
| 664 | + 'Server protocol is malformed [falling back to http] (check overwriteprotocol and/or X-Forwarded-Proto to remedy): ' . $proto, |
| 665 | + ['app' => 'core'] |
| 666 | + ); |
| 667 | + } |
| 668 | + |
| 669 | + // default to http if provided an invalid value |
| 670 | + return $proto === 'https' ? 'https' : 'http'; |
660 | 671 | } |
661 | 672 |
|
662 | 673 | /** |
@@ -743,11 +754,11 @@ public function getRawPathInfo(): string { |
743 | 754 | } |
744 | 755 |
|
745 | 756 | /** |
746 | | - * Get PathInfo from request |
| 757 | + * Get PathInfo from request (rawurldecoded) |
747 | 758 | * @throws \Exception |
748 | 759 | * @return string|false Path info or false when not found |
749 | 760 | */ |
750 | | - public function getPathInfo() { |
| 761 | + public function getPathInfo(): string|false { |
751 | 762 | $pathInfo = $this->getRawPathInfo(); |
752 | 763 | return \Sabre\HTTP\decodePath($pathInfo); |
753 | 764 | } |
|
0 commit comments