FIX Director::forceSSL and forceWWW not setting Vary header

If you have a Varnish box in front of a SilverStripe install, and
you call forceSSL, the Vary header wouldn't get sent. As a result
Varnish would respond with the same redirect response after the
redirect, leading to an infinite loop.
Hamish Friedlander 2013-07-05 16:03:51 +12:00
parent ff45f7ce4d
commit c6b4d993cc
2 changed files with 25 additions and 10 deletions


@ -714,6 +714,26 @@ class Director implements TemplateGlobalProvider {
return Director::protocol() . $login . $_SERVER['HTTP_HOST'] . Director::baseURL();
}
/**
* Skip any further processing and immediately respond with a redirect to the passed URL.
*
* @param string $destURL - The URL to redirect to
*/
protected static function force_redirect($destURL) {
$response = new SS_HTTPResponse(
"<h1>Your browser is not accepting header redirects</h1>".
"<p>Please <a href=\"$destURL\">click here</a>",
301
);
HTTP::add_cache_headers($response);
$response->addHeader('Location', $destURL);
// TODO: Use an exception - ATM we can be called from _config.php, before Director#handleRequest's try block
$response->output();
die;
}
/**
* Force the site to run on SSL.
*
@ -782,10 +802,7 @@ class Director implements TemplateGlobalProvider {
if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
return $destURL;
} else {
if(!headers_sent()) header("Location: $destURL");
die("<h1>Your browser is not accepting header redirects</h1>"
. "<p>Please <a href=\"$destURL\">click here</a>");
self::force_redirect($destURL);
}
} else {
return false;
@ -800,9 +817,7 @@ class Director implements TemplateGlobalProvider {
$destURL = str_replace(Director::protocol(), Director::protocol() . 'www.',
Director::absoluteURL($_SERVER['REQUEST_URI']));
header("Location: $destURL", true, 301);
die("<h1>Your browser is not accepting header redirects</h1>"
. "<p>Please <a href=\"$destURL\">click here</a>");
self::force_redirect($destURL);
}
}
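Review bot: In force_redirect(), `$destURL` is interpolated unescaped into the `href` attribute of the fallback body, and the forceWWW hunk shows it being built from `$_SERVER['REQUEST_URI']`, so request-controlled characters can reach the markup. Now that both callers share this helper it is the right place to encode once: `$safeURL = htmlspecialchars($destURL, ENT_QUOTES, 'UTF-8');` and use `href=\"$safeURL\"` in the body, while the raw value still goes to `addHeader('Location', $destURL)`. Separately, the old forceSSL branch called `header("Location: $destURL")` with no status code, which PHP sends as a 302, whereas the helper always sends 301; if the switch to a permanently cacheable redirect is intended, a line in the docblock saying so would help. The bodies of forceSSL and forceWWW start outside these hunks, so how `$destURL` is built in forceSSL is not visible here.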


@ -338,11 +338,11 @@ class HTTP {
$responseHeaders["Cache-Control"] = "max-age=" . self::$cache_age . ", must-revalidate, no-transform";
$responseHeaders["Pragma"] = "";
// To do: User-Agent should only be added in situations where you *are* actually
// To do: User-Agent should only be added in situations where you *are* actually
// varying according to user-agent.
$responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept';
} else {
}
else {
$responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
}