mirror of
https://github.com/silverstripe/silverstripe-framework
synced 2024-10-22 14:05:37 +02:00
FIX Director::forceSSL and forceWWW not setting Vary header
If you have a Varnish box in front of a SilverStripe install, and you call forceSSL, the Vary header wouldnt get sent. As a result Varnish would respond with the same redirect reponse after the redirect, leading to an infinite loop
This commit is contained in:
parent
ff45f7ce4d
commit
c6b4d993cc
@ -714,6 +714,26 @@ class Director implements TemplateGlobalProvider {
|
|||||||
return Director::protocol() . $login . $_SERVER['HTTP_HOST'] . Director::baseURL();
|
return Director::protocol() . $login . $_SERVER['HTTP_HOST'] . Director::baseURL();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Skip any further processing and immediately respond with a redirect to the passed URL.
|
||||||
|
*
|
||||||
|
* @param string $destURL - The URL to redirect to
|
||||||
|
*/
|
||||||
|
protected static function force_redirect($destURL) {
|
||||||
|
$response = new SS_HTTPResponse(
|
||||||
|
"<h1>Your browser is not accepting header redirects</h1>".
|
||||||
|
"<p>Please <a href=\"$destURL\">click here</a>",
|
||||||
|
301
|
||||||
|
);
|
||||||
|
|
||||||
|
HTTP::add_cache_headers($response);
|
||||||
|
$response->addHeader('Location', $destURL);
|
||||||
|
|
||||||
|
// TODO: Use an exception - ATM we can be called from _config.php, before Director#handleRequest's try block
|
||||||
|
$response->output();
|
||||||
|
die;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Force the site to run on SSL.
|
* Force the site to run on SSL.
|
||||||
*
|
*
|
||||||
@ -782,10 +802,7 @@ class Director implements TemplateGlobalProvider {
|
|||||||
if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
|
if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
|
||||||
return $destURL;
|
return $destURL;
|
||||||
} else {
|
} else {
|
||||||
if(!headers_sent()) header("Location: $destURL");
|
self::force_redirect($destURL);
|
||||||
|
|
||||||
die("<h1>Your browser is not accepting header redirects</h1>"
|
|
||||||
. "<p>Please <a href=\"$destURL\">click here</a>");
|
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
return false;
|
return false;
|
||||||
@ -800,9 +817,7 @@ class Director implements TemplateGlobalProvider {
|
|||||||
$destURL = str_replace(Director::protocol(), Director::protocol() . 'www.',
|
$destURL = str_replace(Director::protocol(), Director::protocol() . 'www.',
|
||||||
Director::absoluteURL($_SERVER['REQUEST_URI']));
|
Director::absoluteURL($_SERVER['REQUEST_URI']));
|
||||||
|
|
||||||
header("Location: $destURL", true, 301);
|
self::force_redirect($destURL);
|
||||||
die("<h1>Your browser is not accepting header redirects</h1>"
|
|
||||||
. "<p>Please <a href=\"$destURL\">click here</a>");
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -341,8 +341,8 @@ class HTTP {
|
|||||||
// To do: User-Agent should only be added in situations where you *are* actually
|
// To do: User-Agent should only be added in situations where you *are* actually
|
||||||
// varying according to user-agent.
|
// varying according to user-agent.
|
||||||
$responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept';
|
$responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept';
|
||||||
|
}
|
||||||
} else {
|
else {
|
||||||
$responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
|
$responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user