2da5fed0 Benjamin Franzke authored

The HTTP_HOST verification failed if the proxy server port was different to the local webserver port, due to an assumption in hostHeaderValueMatchesTrustedHostsPattern() that concluded that the local webserver port needs to match the default port of the proxy server.

In case an HTTPS termination proxy is used, that assumption cannot be made, as it is common practice to use HTTP backends behind an HTTPS proxy in private networks.

Therefore the port is now verified against the default port of the current webserver, not a possible proxy server.

Scenario:
* Proxy Server HTTPS (SSL termination) => Port 443
* Application Server HTTP => Port 80
* Default trustedHostsPattern setting

It was previously required to configure a (slow) trustedHostsPattern to circumvent this issue.

Releases: master, 10.4
Resolves: #94113
Change-Id: I294b87164aee834d8c0b5e0a75da3e19051fe592
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/66613
Tested-by: core-ci <typo3@b13.com>
Tested-by: Christian Kuhn <lolli@schwarzbu.ch>
Tested-by: Jochen <rothjochen@gmail.com>
Tested-by: Benjamin Franzke <bfr@qbus.de>
Reviewed-by: Christian Kuhn <lolli@schwarzbu.ch>
Reviewed-by: Jochen <rothjochen@gmail.com>
Reviewed-by: Benjamin Franzke <bfr@qbus.de>
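The scenario from the commit message as a small model of the port check, added here as an illustration and not taken from the TYPO3 source. It assumes the default setting compares the Host header against the webserver's own SERVER_NAME and SERVER_PORT; the function names, the `$clientFacingHttps` flag and the sample values are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 code. All names below are hypothetical.

/** Split a Host header value into [host, port]; port is null when absent. */
function splitHostHeader(string $hostHeader): array
{
    $parts = parse_url('http://' . $hostHeader);
    if ($parts === false || !isset($parts['host'])) {
        return [null, null];
    }
    $port = isset($parts['port']) ? (string)$parts['port'] : null;
    return [strtolower($parts['host']), $port];
}

/**
 * Model of a "Host must equal SERVER_NAME" check.
 * $defaultPort is the port assumed when the Host header carries none.
 */
function hostMatchesServerName(string $hostHeader, array $server, string $defaultPort): bool
{
    [$host, $port] = splitHostHeader($hostHeader);
    if ($host === null) {
        return false; // unparsable Host header is never trusted
    }
    $port ??= $defaultPort;
    return $host === strtolower($server['SERVER_NAME'])
        && $port === (string)$server['SERVER_PORT'];
}

// Constructed sample: the backend speaks plain HTTP on port 80,
// the proxy in front of it terminates TLS on port 443.
$server = ['SERVER_NAME' => 'www.example.org', 'SERVER_PORT' => '80', 'HTTPS' => 'off'];
$clientFacingHttps = true; // scheme as seen by the client, reported by the proxy
$localHttps = !in_array(strtolower($server['HTTPS'] ?? ''), ['', 'off'], true);

// Old assumption: default port follows the proxy's scheme, so 443 is compared with SERVER_PORT 80.
$before = hostMatchesServerName('www.example.org', $server, $clientFacingHttps ? '443' : '80');
// Fixed behaviour: default port follows the local webserver's scheme, so 80 is compared with 80.
$after = hostMatchesServerName('www.example.org', $server, $localHttps ? '443' : '80');
// A Host header naming a different host fails on the host comparison, whatever the default port.
$forged = hostMatchesServerName('other.example', $server, $localHttps ? '443' : '80');

var_dump($before, $after, $forged);
```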