elaka / mod-spdy

Automatically exported from code.google.com/p/mod-spdy
0 stars 0 forks source link

Set PHP _SERVER['HTTPS'] to on #32

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What version/revision number of mod_spdy are you using?
Revision: 265

What version of Apache are you using, and on what operating system? 
Server version: Apache/2.2.22 (Unix)
Linux barney 2.6.32.57-grsec #1 SMP Thu Mar 1 19:23:31 CET 2012 i686 GNU/Linux
Debian 6.0.4 distribution
mod_spdy compiled with openssl 1.0.1beta3

What other Apache modules are you using? 
Loaded Modules:
 core_module (static)
 log_config_module (static)
 logio_module (static)
 mpm_prefork_module (static)
 http_module (static)
 so_module (static)
 authn_file_module (shared)
 authn_dbm_module (shared)
 authn_anon_module (shared)
 authn_dbd_module (shared)
 authn_default_module (shared)
 authn_alias_module (shared)
 authz_host_module (shared)
 authz_groupfile_module (shared)
 authz_user_module (shared)
 authz_dbm_module (shared)
 authz_owner_module (shared)
 authz_default_module (shared)
 auth_basic_module (shared)
 auth_digest_module (shared)
 file_cache_module (shared)
 cache_module (shared)
 disk_cache_module (shared)
 mem_cache_module (shared)
 dbd_module (shared)
 dumpio_module (shared)
 reqtimeout_module (shared)
 ext_filter_module (shared)
 include_module (shared)
 filter_module (shared)
 substitute_module (shared)
 charset_lite_module (shared)
 deflate_module (shared)
 log_forensic_module (shared)
 env_module (shared)
 mime_magic_module (shared)
 cern_meta_module (shared)
 expires_module (shared)
 headers_module (shared)
 ident_module (shared)
 usertrack_module (shared)
 unique_id_module (shared)
 setenvif_module (shared)
 version_module (shared)
 proxy_module (shared)
 proxy_connect_module (shared)
 proxy_ftp_module (shared)
 proxy_http_module (shared)
 proxy_scgi_module (shared)
 proxy_ajp_module (shared)
 proxy_balancer_module (shared)
 ssl_module (shared)
 mime_module (shared)
 dav_module (shared)
 status_module (shared)
 autoindex_module (shared)
 asis_module (shared)
 info_module (shared)
 suexec_module (shared)
 cgi_module (shared)
 cgid_module (shared)
 dav_fs_module (shared)
 dav_lock_module (shared)
 vhost_alias_module (shared)
 negotiation_module (shared)
 dir_module (shared)
 imagemap_module (shared)
 actions_module (shared)
 speling_module (shared)
 userdir_module (shared)
 alias_module (shared)
 rewrite_module (shared)

What browser version did you use to access the mod_spdy server?  On what
operating system? What flags was the browser invoked with?  
Google Chrome   17.0.963.79 (Official Build 125985)
OS  Mac OS X
WebKit  535.11 (@110140)
JavaScript  V8 3.7.12.29
Flash   11.1.102.63
User Agent  Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_8) AppleWebKit/535.11 
(KHTML, like Gecko) Chrome/17.0.963.79 Safari/535.11
Command Line     /Applications/Google Chrome.app/Contents/MacOS/Google Chrome 
--restore-last-session --flag-switches-begin --enable-print-preview 
--flag-switches-end
Executable Path /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
Profile Path    /Users/rickard/Library/Application Support/Google/Chrome/Default

What steps will reproduce the problem?
1. Set up PHP-FPM
2. Make a script that does <?php var_dump($_SERVER); 
3. Check that the array key 'HTTPS' is missing or set to off 

What is the expected result? What do you see instead?
I would expect mod_spdy to set HTTPS to "on" because of two reasons:
- The connection is encrypted
- The schema part of the URL is https:// 

Please provide any additional information below.

This makes some web pages act weird. The only confirmed problem so far is that 
WordPress doesn't recognize the connection as HTTPS and thus loads assets using 
an insecure connection, which will result in mixed content warnings. 

However, I suspect that other web applications would have the same problem 
since it's a common way of checking for secure/HTTPS connections.

Original issue reported on code.google.com by rickard....@gmail.com on 14 Mar 2012 at 10:01

GoogleCodeExporter commented 8 years ago
Good catch; thanks for the report.  This shouldn't be hard to fix.

Do you know if there are any other important environment variables that are 
missing when serving pages via mod_spdy?

Original comment by mdste...@google.com on 15 Mar 2012 at 10:42

GoogleCodeExporter commented 8 years ago
Hi

I don't think there are any other environment variables needed to make PHP 
happy, however my tests are pretty limited so far.

This change adds the HTTPS env variable but also adds REDIRECT_HTTPS which is 
unnecessary at least in my application. 

Original comment by rickard....@gmail.com on 24 Mar 2012 at 9:37

Attachments:

GoogleCodeExporter commented 8 years ago

Original comment by mdste...@google.com on 30 Mar 2012 at 9:39

GoogleCodeExporter commented 8 years ago
This should be fixed in trunk as of r277.

It probably won't be in the initial release, but it will be in the next one.

Original comment by mdste...@google.com on 2 Apr 2012 at 5:42