zendframework / zend-diactoros

PSR-7 HTTP Message implementation
BSD 3-Clause "New" or "Revised" License

marshallHttps incorrectly detects HTTPS-connection #362

Closed heiglandreas closed 5 years ago

heiglandreas commented 5 years ago

MarshallHttpsValue tries to detect whether the current connection is an encrypted one by trying to detect whether $_SERVER['HTTPS'] exists and does not contain off.

According to the nginx documentation, that is a problematic approach, as in case of an unencrypted connection the 'HTTPS' key will contain an empty string, which will then be resolved to true as it is not the string off. I doubt that that is intended behaviour.

Code to reproduce the issue

```php
<?php
require_once __DIR__ . '/vendor/autoload.php';

$server = [
    "HTTPS" => "",
    "SERVER_NAME" => "localhost",
    "SERVER_PORT" => "80",
    "SERVER_ADDR" => "172.22.0.4",
    "REMOTE_PORT" => "36852",
    "REMOTE_ADDR" => "172.22.0.1",
    "SERVER_SOFTWARE" => "nginx/1.11.8",
    "GATEWAY_INTERFACE" => "CGI/1.1",
    "SERVER_PROTOCOL" => "HTTP/1.1",
    "DOCUMENT_ROOT" => "/var/www/public",
    "DOCUMENT_URI" => "/index.php",
    "REQUEST_URI" => "/api/messagebox-schema",
    "PATH_TRANSLATED" => "/var/www/public",
    "PATH_INFO" => "",
    "SCRIPT_NAME" => "/index.php",
    "CONTENT_LENGTH" => "",
    "CONTENT_TYPE" => "",
    "REQUEST_METHOD" => "GET",
    "QUERY_STRING" => "",
    "SCRIPT_FILENAME" => "/var/www/public/index.php",
    "FCGI_ROLE" => "RESPONDER",
    "PHP_SELF" => "/index.php",
];

$headers = [
    "HTTP_COOKIE" => '',
    "HTTP_ACCEPT_LANGUAGE" => "de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7",
    "HTTP_ACCEPT_ENCODING" => "gzip, deflate, br",
    "HTTP_REFERER" => "http://localhost:8080/index.html",
    "HTTP_USER_AGENT" => "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/67.0.3396.99 Chrome/67.0.3396.99 Safari/537.36",
    "HTTP_ACCEPT" => "application/json,*/*",
    "HTTP_CONNECTION" => "keep-alive",
    "HTTP_HOST" => "localhost:8080",
];

echo (string) \Zend\Diactoros\marshalUriFromSapi($server, $headers) . "\n";
```

Expected results

http://localhost:80/api/messagebox-schema

Actual results

https://localhost:80/api/messagebox-schema
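
The difference between the check as this issue describes it and a stricter one, as an added example that is not part of the original report and not code from zend-diactoros. The function names `httpsAsDescribed` and `httpsStrict` are hypothetical, the first is a reconstruction from the issue text only, and the `$cases` values are constructed samples.

```php
<?php
declare(strict_types=1);

// Reconstruction of the behaviour the issue describes (not the library's source):
// the key exists and its value is not the string "off".
function httpsAsDescribed(array $server): bool
{
    return isset($server['HTTPS']) && $server['HTTPS'] !== 'off';
}

// Hypothetical stricter check. An empty string (what nginx passes for a plain
// connection) and "off" in any letter case both mean "not HTTPS".
function httpsStrict(array $server): bool
{
    $value = $server['HTTPS'] ?? '';
    if (is_bool($value)) {
        return $value;
    }
    if (!is_string($value)) {
        return false; // unexpected type: fail towards "not encrypted"
    }
    $value = strtolower(trim($value));
    return $value !== '' && $value !== 'off';
}

// Constructed sample inputs covering the SAPI variations discussed above.
$cases = [
    'key absent'              => [],
    'empty string (nginx)'    => ['HTTPS' => ''],
    'lowercase off'           => ['HTTPS' => 'off'],
    'uppercase OFF'           => ['HTTPS' => 'OFF'],
    'on'                      => ['HTTPS' => 'on'],
    'non-empty value "1"'     => ['HTTPS' => '1'],
];

foreach ($cases as $label => $server) {
    printf(
        "%-24s described=%-5s strict=%s\n",
        $label,
        var_export(httpsAsDescribed($server), true),
        var_export(httpsStrict($server), true)
    );
}
```

The two functions disagree on the empty-string and uppercase `OFF` rows; the empty-string row is the case reported here.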