Maniphest T72021

WebRequest::detectServer() appends ":80" to hostname when HTTP_X_FORWARDED_PROTO == "https"
Closed, ResolvedPublic
Actions

Assigned To

None

Authored By

	bd808
	Aug 26 2014, 3:16 AM

Description

Seen in labs when running a MediaWiki-Vagrant configured wiki behind yuviproxy. Configuration sets $wgServer = WebRequest::detectServer() which works great when HTTP_X_FORWARDED_PROTO is unset or http. When it is https, detectServer() adds ":80" to the generated url (eg "https://sulfinalization.wmflabs.org:80").

This is caused by a mismatch between the standard port for https (443) and the active SERVER_PORT reported by Apache (80). detectServer() calls IP::combineHostAndPort( $host, $port=80, $stdPort=443 ) which leads to a return value of $host:80 since the active port and the default port do not match.

I think naively that this could be fixed by choosing to set $port = $stdPort when $_SERVER['HTTP_X_FORWARDED_PROTO'] is set to 'https' and assume the upstream ssl proxy is running on the standard port 443.

Can anyone think of a realistic deployment scenario where this would be the wrong behavior?

Version: 1.24rc
Severity: normal

Details

Reference: bz70021

Event Timeline

• bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:43 AM

• bzimport added a project: MediaWiki-General.

• bzimport set Reference to bz70021.

• bzimport added a subscriber: Unknown Object (MLST).

bd808 created this task.Aug 26 2014, 3:16 AM

gerritadmin wrote:

Change 156236 had a related patch set uploaded by BryanDavis:
Use protocol default port with HTTP_X_FORWARDED_PROTO

https://gerrit.wikimedia.org/r/156236