@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Fix `security.require-https` by marking redirect as external

Summary:
Resolves T5937. HTTPS redirects caused by `security.require-https` use a full scheme, domain and port in the URI. Consequently, this causes invocation of the new external redirect logic and prevents redirection from occurring properly when accessing the HTTP version of Phabricator that has `security.require-https` turned on.

I've also fixed the automatic slash redirection logic to add the external flag where appropriate.

Test Plan: Configured SSL on my local machine and turned on `security.require-https`. Observed the "Refusing to redirect" exception on master, while the redirect completed successfully with this patch.

Reviewers: #blessed_reviewers, epriestley

Reviewed By: #blessed_reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5937

Differential Revision: https://secure.phabricator.com/D10318

+15 -5
+8 -3
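--- a/src/aphront/configuration/AphrontApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontApplicationConfiguration.php
@@ -14,7 +14,7 @@
 abstract public function getURIMap();
 abstract public function buildRequest();
 abstract public function build404Controller();
-abstract public function buildRedirectController($uri);
+abstract public function buildRedirectController($uri, $external);
 
 final public function setRequest(AphrontRequest $request) {
 $this->request = $request;
@@ -96,7 +96,10 @@
 $https_uri = $request->getRequestURI();
 $https_uri->setDomain($request->getHost());
 $https_uri->setProtocol('https');
-return $this->buildRedirectController($https_uri);
+
+// In this scenario, we'll be redirecting to HTTPS using an absolute
+// URI, so we need to permit an external redirect.
+return $this->buildRedirectController($https_uri, true);
 }
 }
 
@@ -188,7 +191,9 @@
 
 if ($controller && !$request->isHTTPPost()) {
 $slash_uri = $request->getRequestURI()->setPath($path.'/');
-return $this->buildRedirectController($slash_uri);
+
+$external = strlen($request->getRequestURI()->getDomain());
+return $this->buildRedirectController($slash_uri, $external);
 }
 }
 return $this->build404Controller();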
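Review bot: The slash-redirect hunk sets `$external` from `strlen($request->getRequestURI()->getDomain())`, so the external-redirect guard is switched off exactly when the incoming request URI carries a domain, and that value is derived from the request itself. If a request URI can parse with a domain other than the one this install serves (how getRequestURI() builds the URI is not visible here), the trailing-slash redirect would be allowed to leave the site. I would permit the external redirect only when the domain matches the served host, e.g. `$domain = $request->getRequestURI()->getDomain();` followed by `$external = strlen($domain) && ($domain === $request->getHost());`, and otherwise leave the flag false so the response refuses. The HTTPS branch likewise builds its target from `$request->getHost()`; a short comment stating where that host is validated would help. Both enclosing methods start and end outside the hunks.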
+2 -1
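--- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
+++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -300,11 +300,12 @@
 return array(new Phabricator404Controller($this->getRequest()), array());
 }
 
-public function buildRedirectController($uri) {
+public function buildRedirectController($uri, $external) {
 return array(
 new PhabricatorRedirectController($this->getRequest()),
 array(
 'uri' => $uri,
+'external' => $external,
 ));
 }
 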
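Review bot: `buildRedirectController($uri, $external)` gives the new parameter no default, so every caller must now choose whether to bypass the external-redirect check, and any subclass or caller outside this diff breaks on the signature change. Defaulting to the restrictive value, `public function buildRedirectController($uri, $external = false) {` (and the same on the abstract declaration in AphrontApplicationConfiguration.php), keeps the safe behaviour for callers that do not opt in and matches the `idx($data, 'external', false)` fallback in the controller. A one-line docblock saying that `$external` permits redirects to absolute URIs would make the flag's security meaning visible where it is set.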
+5 -1
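--- a/src/applications/base/controller/PhabricatorRedirectController.php
+++ b/src/applications/base/controller/PhabricatorRedirectController.php
@@ -3,6 +3,7 @@
 final class PhabricatorRedirectController extends PhabricatorController {
 
 private $uri;
+private $allowExternal;
 
 public function shouldRequireLogin() {
 return false;
@@ -14,10 +15,13 @@
 
 public function willProcessRequest(array $data) {
 $this->uri = $data['uri'];
+$this->allowExternal = idx($data, 'external', false);
 }
 
 public function processRequest() {
-return id(new AphrontRedirectResponse())->setURI($this->uri);
+return id(new AphrontRedirectResponse())
+->setURI($this->uri)
+->setIsExternal($this->allowExternal);
 }
 
 }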
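Review bot: `$allowExternal` is stored and handed to `setIsExternal()` exactly as the caller supplied it, and the slash-redirect path in AphrontApplicationConfiguration.php supplies a `strlen()` integer rather than a boolean. Normalising at the boundary, `$this->allowExternal = (bool)idx($data, 'external', false);`, keeps the flag a strict true/false. Because `willProcessRequest()` reads the flag out of `$data`, a comment such as `// 'external' must only be set by trusted internal callers, never from route parameters` would record the assumption this relies on; whether any URI map routes to this controller with captured parameters is not visible here.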