oroinc / platform

Main OroPlatform package with core functionality.

Support https proxy #1096

Open hvanoch opened 1 year ago

hvanoch commented 1 year ago

We are experiencing the same issue as described here: https://github.com/oroinc/platform/issues/1025. We did find the cause and solution.

This happens when proxying an https for a http request. In https://github.com/oroinc/platform/blob/3475755da91e4b2854ef779d6dbb653f3f506ab5/src/Oro/Bundle/SecurityBundle/Resources/config/services.yml#L744 the third parameter is not configured. If you provide the request_stack service it will actually check if https is used with the Symfony request, instead of the PHP $_SERVER variable. The Symfony request has checks that validate if the request is being used by a proxy. So changing it from:

    oro_security.csrf_token_manager:
        class: Symfony\Component\Security\Csrf\CsrfTokenManager
        public: false
        arguments:
            - '@security.csrf.token_generator'
            - '@oro_security.csrf.cookie_token_storage'

to

    oro_security.csrf_token_manager:
        class: Symfony\Component\Security\Csrf\CsrfTokenManager
        public: false
        arguments:
            - '@security.csrf.token_generator'
            - '@oro_security.csrf.cookie_token_storage'
            - '@request_stack'

Fixes the issue.

The Symfony class that is used looks like:

    public function __construct(TokenGeneratorInterface $generator = null, TokenStorageInterface $storage = null, $namespace = null)
    {
        $this->generator = $generator ?? new UriSafeTokenGenerator();
        $this->storage = $storage ?? new NativeSessionTokenStorage();

        $superGlobalNamespaceGenerator = function () {
            return !empty($_SERVER['HTTPS']) && 'off' !== strtolower($_SERVER['HTTPS']) ? 'https-' : '';
        };

        if (null === $namespace) {
            $this->namespace = $superGlobalNamespaceGenerator;
        } elseif ($namespace instanceof RequestStack) {
            $this->namespace = function () use ($namespace, $superGlobalNamespaceGenerator) {
                if ($request = $namespace->getMainRequest()) {
                    return $request->isSecure() ? 'https-' : '';
                }

                return $superGlobalNamespaceGenerator();
            };
        } elseif (\is_callable($namespace) || \is_string($namespace)) {
            $this->namespace = $namespace;
        } else {
            throw new InvalidArgumentException(sprintf('$namespace must be a string, a callable returning a string, null or an instance of "RequestStack". "%s" given.', get_debug_type($namespace)));
        }
    }
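
The difference between the two-argument and three-argument configuration can be observed directly. This is an added example, not part of the original comment and not OroPlatform code; the in-memory storage class, the host `shop.example` and the peer addresses are constructed for illustration, and it assumes the Symfony components are installed with Composer.

```php
<?php
// Added example, not OroPlatform code. Assumes symfony/security-csrf and
// symfony/http-foundation (5.3 or later) are installed with Composer.
require __DIR__ . '/vendor/autoload.php';

use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Security\Csrf\CsrfTokenManager;
use Symfony\Component\Security\Csrf\TokenStorage\TokenStorageInterface;

// Hypothetical in-memory storage that exposes the namespaced keys it is given.
function recordingStorage(): TokenStorageInterface
{
    return new class implements TokenStorageInterface {
        public array $tokens = [];
        public function getToken(string $tokenId): string { return $this->tokens[$tokenId]; }
        public function setToken(string $tokenId, string $token): void { $this->tokens[$tokenId] = $token; }
        public function hasToken(string $tokenId): bool { return isset($this->tokens[$tokenId]); }
        public function removeToken(string $tokenId): ?string
        {
            $old = $this->tokens[$tokenId] ?? null;
            unset($this->tokens[$tokenId]);
            return $old;
        }
    };
}

// Builds a constructed plain-HTTP request arriving from $peer with
// "X-Forwarded-Proto: https" and returns the key the manager stores under.
function storageKey(string $peer, bool $withRequestStack): string
{
    $stack = new RequestStack();
    $stack->push(Request::create('http://shop.example/form', 'GET', [], [], [], [
        'REMOTE_ADDR' => $peer,
        'HTTP_X_FORWARDED_PROTO' => 'https',
    ]));
    $storage = recordingStorage();
    $manager = new CsrfTokenManager(null, $storage, $withRequestStack ? $stack : null);
    $manager->getToken('form');
    return array_key_first($storage->tokens);
}

unset($_SERVER['HTTPS']); // TLS ends at the proxy, so PHP sees plain HTTP
Request::setTrustedProxies(['10.0.0.5'], Request::HEADER_X_FORWARDED_PROTO);

foreach ([['10.0.0.5', false], ['10.0.0.5', true], ['203.0.113.9', true]] as [$peer, $stack]) {
    printf("peer=%s request_stack=%s key=%s\n", $peer, $stack ? 'yes' : 'no', storageKey($peer, $stack));
}
```

Per the constructor quoted above, the `https-` prefix is applied only when `isSecure()` is true, which for a forwarded request requires the peer to be in the trusted-proxy list. In a Symfony application that list is set through the `framework.trusted_proxies` configuration.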