From c6b4d993cc8b771318c8dc1d522919dd1eb6447f Mon Sep 17 00:00:00 2001 From: Hamish Friedlander Date: Fri, 5 Jul 2013 16:03:51 +1200 Subject: [PATCH] FIX Director::forceSSL and forceWWW not setting Vary header If you have a Varnish box in front of a SilverStripe install, and you call forceSSL, the Vary header wouldnt get sent. As a result Varnish would respond with the same redirect reponse after the redirect, leading to an infinite loop --- control/Director.php | 29 ++++++++++++++++++++++------- control/HTTP.php | 6 +++--- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/control/Director.php b/control/Director.php index a3686d279..c3029a209 100644 --- a/control/Director.php +++ b/control/Director.php @@ -714,6 +714,26 @@ class Director implements TemplateGlobalProvider { return Director::protocol() . $login . $_SERVER['HTTP_HOST'] . Director::baseURL(); } + /** + * Skip any further processing and immediately respond with a redirect to the passed URL. + * + * @param string $destURL - The URL to redirect to + */ + protected static function force_redirect($destURL) { + $response = new SS_HTTPResponse( + "

Your browser is not accepting header redirects

". + "

Please click here", + 301 + ); + + HTTP::add_cache_headers($response); + $response->addHeader('Location', $destURL); + + // TODO: Use an exception - ATM we can be called from _config.php, before Director#handleRequest's try block + $response->output(); + die; + } + /** * Force the site to run on SSL. * @@ -782,10 +802,7 @@ class Director implements TemplateGlobalProvider { if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) { return $destURL; } else { - if(!headers_sent()) header("Location: $destURL"); - - die("
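Review bot: In `force_redirect()` (hunk `@@ -714,6 +714,26 @@`) the fallback body ("Please click here") is sent together with a request-derived `$destURL`; the forceWWW caller builds that value from `$_SERVER['REQUEST_URI']`. The link markup is not visible on this page, but if the URL is interpolated into an `href` it should be attribute-escaped first, e.g. `$safeURL = htmlspecialchars($destURL, ENT_QUOTES, 'UTF-8');`. This matters more after this change, because `HTTP::add_cache_headers($response)` can mark the response cacheable, so a value reflected into the body could be stored by a shared cache and served to other clients. The docblock should also state that the method never returns (it outputs the response and calls `die`) and that the status is always 301.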

Your browser is not accepting header redirects

" - . "

Please click here"); + self::force_redirect($destURL); } } else { return false; @@ -800,9 +817,7 @@ class Director implements TemplateGlobalProvider { $destURL = str_replace(Director::protocol(), Director::protocol() . 'www.', Director::absoluteURL($_SERVER['REQUEST_URI'])); - header("Location: $destURL", true, 301); - die("
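Review bot: In forceSSL (hunk `@@ -782,10 +802,7 @@`) the removed `header("Location: $destURL")` sent no explicit status, which PHP turns into a 302. `self::force_redirect($destURL)` always answers 301, so the HTTPS redirect silently becomes permanent and is remembered by browsers and intermediaries. The commit message does not mention this; either document it in forceSSL's docblock or let the helper take the status, e.g. `protected static function force_redirect($destURL, $code = 301)` with forceSSL passing 302. The old `if(!headers_sent())` guard is also gone, so it is worth confirming how `$response->output()` behaves once output has started, given the TODO about being called from _config.php. forceSSL's body starts and ends outside this hunk.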

Your browser is not accepting header redirects

" - . "

Please click here"); + self::force_redirect($destURL); } } diff --git a/control/HTTP.php b/control/HTTP.php index 03f7cdbcb..b1f154b9b 100644 --- a/control/HTTP.php +++ b/control/HTTP.php @@ -338,11 +338,11 @@ class HTTP { $responseHeaders["Cache-Control"] = "max-age=" . self::$cache_age . ", must-revalidate, no-transform"; $responseHeaders["Pragma"] = ""; - // To do: User-Agent should only be added in situations where you *are* actually + // To do: User-Agent should only be added in situations where you *are* actually // varying according to user-agent. $responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept'; - - } else { + } + else { $responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform"; }
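Review bot: In forceWWW (hunk `@@ -800,9 +817,7 @@` of control/Director.php) the target passed to `self::force_redirect($destURL)` is derived from `$_SERVER['REQUEST_URI']` and, presumably through `Director::absoluteURL()`, from the request's Host header, and the 301 now also carries whatever `HTTP::add_cache_headers()` sets. A permanent, cacheable redirect whose Location comes from request headers should only be issued for hosts the site actually serves; consider checking the host against a configured list before redirecting and falling back to a fixed base URL otherwise. The same applies to the forceSSL call site in the previous hunk. A comment at the call such as `// $destURL is request-derived; force_redirect() sends it as a cacheable 301` would record the assumption for the next reader.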