You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To the point: recently I have installed Grav on a server which reports both $_SERVER['HTTPS'] as on and at the same time $_SERVER['REQUEST_SCHEME'] as http. I should add that on this setup I am using Grav with HTTPS exclusively. The problem manifests itself when a trailing slash redirection is on, so, for example, on admin login page or on any page with a trailing slash, for that matter, like https://example.com/about/. The latter will be redirected to http://example.com:443/about which causes the 400 error. The direct cause of this is the way the $request object is initialized and psr7's URI scheme is detected. It's in this fragment of https://github.com/Nyholm/psr7-server/blob/master/src/ServerRequestCreator.php:
It sets URI's scheme as http regardless of the fact that HTTPS header is on and port is 443. I tried to modify the URI using withScheme() method in handleRedirectRequest() in InitializeProcessor, but it didn't change the scheme.
The text was updated successfully, but these errors were encountered:
It is not a Grav issue per se, since it originates in psr7-server/ServerRequestCreator.php. I reported the issue upstream, but I have no way of knowing if it will be resolved there and in the meantime it will keep affecting Grav anyway.
To the point: recently I have installed Grav on a server which reports both
$_SERVER['HTTPS']asonand at the same time$_SERVER['REQUEST_SCHEME']ashttp. I should add that on this setup I am using Grav with HTTPS exclusively. The problem manifests itself when a trailing slash redirection is on, so, for example, on admin login page or on any page with a trailing slash, for that matter, likehttps://example.com/about/. The latter will be redirected tohttp://example.com:443/aboutwhich causes the 400 error. The direct cause of this is the way the$requestobject is initialized and psr7's URI scheme is detected. It's in this fragment of https://github.com/Nyholm/psr7-server/blob/master/src/ServerRequestCreator.php:https://github.com/Nyholm/psr7-server/blob/b846a689844cef114e8079d8c80f0afd96745ae3/src/ServerRequestCreator.php#L272-L276
It sets URI's scheme as
httpregardless of the fact thatHTTPSheader isonand port is443. I tried to modify the URI usingwithScheme()method inhandleRedirectRequest()inInitializeProcessor, but it didn't change the scheme.The text was updated successfully, but these errors were encountered: