Fix forceSsl exceptions

verbb / patrol

Easy Maintenance Mode and Smart HTTPS Routing for Craft CMS

MIT License

29 stars 8 forks source link

Fix forceSsl exceptions #13

Closed chrisrowe closed 5 years ago

chrisrowe commented 5 years ago

This ensures Patrol starts with a baseUrl containing the schema (and includes a port if used) before trimming/replacing http: and avoids it throwing a FILTER_VALIDATE_URL exception. I also added the available override setting to the readme.

chrisrowe commented 5 years ago

I also remembered after digging through Yii's Request.php that both serverName and hostInfo are susceptible to Host spoofing by passing a header. Is this something primaryDomain is designed for, to prevent cache poisoning attacks?

selvinortiz commented 5 years ago

@chrisrowe Thank you!

I've been lagging behind on Patrol maintenance, your help is much appreciated.

Primary domain is used in routing but for a slightly different purpose than SSL alone. It let's you redirect to a specific domain if your site/app can be accessed via different domains.

chrisrowe commented 5 years ago

@selvinortiz Thanks, any idea when you'll be cutting a new release for this?

selvinortiz commented 5 years ago

@chrisrowe Sorry about the delay, Chris. I'll do my best to cut a new release before the weekend.