202-ecommerce
commented
5 years ago we've made a pull request to verify if your CI an your tests cover this part of the code and maybe help us to fix this bug.
Closed 202-ecommerce closed 5 years ago
202-ecommerce
commented
5 years ago we've made a pull request to verify if your CI an your tests cover this part of the code and maybe help us to fix this bug.
matks
commented
5 years ago But for those witch have a specific port to access to its PrestaShop and configure a shop url with a port we introduce a bug...
Does not look like an issue to me 🤔what would be the usage of a shop URL with a port in it ?
@PierreRambaud any opinion of that ? I dont think we should care about such an exotic usecase
202-ecommerce
commented
5 years ago @matks yep it's exotic, that why our first reflex is to verify witch validation is done for shop url... But for now any validation is done... (you can submit a shop_url with spaces, or exotic characters). And that the second part of the problem. So if we add a restriction [a-z0-9.] on shop_url PrestaShop became incompatible with specific port but the behavior is quite coherent.
Perhap's an exit door to manage properly this bug for @PierreRambaud ?
matks
commented
5 years ago
Describe the bug
When a server send a request with an host with port in HTTPS, Prestashop don't found the shop and send a redirection to HTTP url.
For instance when ATOS send a validation to the controller of Franfinance module (and probably Atos / atos3x), his HTTP header is :
HOST: www.my-prestashop.tld:443
Then the Shop::initialize method try to find in shop URL $host with Tools::getHttpHost() witch return www.my-prestashop.tld:443 BUT in our shop_url we have only "www.my-prestashop.tld" without the port.
The tricky bug is that not all Atos server send host with port, we think that it depend of the payment server... But when a payment is manage by this servers, a payment is done but the order is not created an validated on the backoffice (redirection is not followed).
Reproduce this bug
curl -I -H "Host: www.my-prestashop.tld:443" https://www.my-prestashop.tld/
Response headers : HTTP/1.0 301 Moved Permanently Date: Wed, 05 Jun 2019 14:18:30 GMT Server: Apache Location: http://www.my-prestashop.tld/ Cache-Control: max-age=0 Expires: Wed, 05 Jun 2019 14:18:30 GMT Connection: close Content-Type: text/html; charset=utf-8
Correct response will be status: 200
Suggested Pull Request
We suggest to do this modification on the initialize shop method :
$host = Tools::getHttpHost(false, false, true);
We can do a pull request.
The third parameter ignore the port. And will return www.my-prestashop.tld as expedted the shop will be found in the database and a status 200 will be return.
But for those witch have a specific port to access to its PrestaShop and configure a shop url with a port we introduce a bug... So we try to find a fix and verify if a user can specify his own port, but we found that a user can configure as shop domain: www.my-prestashop.tld:443foobar It looks like a validation is missing because port 443foobar is not valid.
So we suggest to add a PrestaShop configuration (or equivalent) to ignore port or not all over the Prestashop platform (default value ignore = true). After that, getHttpHost third option can be replace by the new configuration.
Other heavy solution is to manage port on shop url table with a specific column to manage port.
What do you think about this ?
Additionnal information PrestaShop version: 1.6.x and 1.7.x PHP version: All
All calls on webhook or API (native or through a front Controller) using a server sending HOST with optional port (https://developer.mozilla.org/fr/docs/Web/HTTP/Headers/Host )