mirror of
https://github.com/silverstripe/silverstripe-framework
FIX Director::forceSSL and forceWWW not setting Vary header
If you have a Varnish box in front of a SilverStripe install and you call forceSSL, the Vary header wouldn't get sent. As a result, Varnish would respond with the same redirect response after the redirect, leading to an infinite loop.
parent
ff45f7ce4d
commit
c6b4d993cc
@ -714,6 +714,26 @@ class Director implements TemplateGlobalProvider {
|
||||
return Director::protocol() . $login . $_SERVER['HTTP_HOST'] . Director::baseURL();
|
||||
}
|
||||
|
||||
/**
|
||||
* Skip any further processing and immediately respond with a redirect to the passed URL.
|
||||
*
|
||||
* @param string $destURL - The URL to redirect to
|
||||
*/
|
||||
protected static function force_redirect($destURL) {
|
||||
$response = new SS_HTTPResponse(
|
||||
"<h1>Your browser is not accepting header redirects</h1>".
|
||||
"<p>Please <a href=\"$destURL\">click here</a>",
|
||||
301
|
||||
);
|
||||
|
||||
HTTP::add_cache_headers($response);
|
||||
$response->addHeader('Location', $destURL);
|
||||
|
||||
// TODO: Use an exception - ATM we can be called from _config.php, before Director#handleRequest's try block
|
||||
$response->output();
|
||||
die;
|
||||
}
|
||||
|
||||
/**
|
||||
* Force the site to run on SSL.
|
||||
*
|
||||
@ -782,10 +802,7 @@ class Director implements TemplateGlobalProvider {
|
||||
if(class_exists('SapphireTest', false) && SapphireTest::is_running_test()) {
|
||||
return $destURL;
|
||||
} else {
|
||||
if(!headers_sent()) header("Location: $destURL");
|
||||
|
||||
die("<h1>Your browser is not accepting header redirects</h1>"
|
||||
. "<p>Please <a href=\"$destURL\">click here</a>");
|
||||
self::force_redirect($destURL);
|
||||
}
|
||||
} else {
|
||||
return false;
|
||||
@ -800,9 +817,7 @@ class Director implements TemplateGlobalProvider {
|
||||
$destURL = str_replace(Director::protocol(), Director::protocol() . 'www.',
|
||||
Director::absoluteURL($_SERVER['REQUEST_URI']));
|
||||
|
||||
header("Location: $destURL", true, 301);
|
||||
die("<h1>Your browser is not accepting header redirects</h1>"
|
||||
. "<p>Please <a href=\"$destURL\">click here</a>");
|
||||
self::force_redirect($destURL);
|
||||
}
|
||||
}
|
||||
|
||||
|
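Review bot: The new `force_redirect()` interpolates `$destURL` unescaped into the fallback HTML body (`<a href=\"$destURL\">`), and in the forceWWW caller that URL is built from `$_SERVER['REQUEST_URI']`, so request-controlled characters reach the markup as-is. Now that the markup lives in a single helper, it can be escaped there, e.g. `"<p>Please <a href=\"" . htmlspecialchars($destURL, ENT_QUOTES, 'UTF-8') . "\">click here</a></p>",`, while the raw value is still passed to the `Location` header. Separately, forceSSL used to call `header("Location: $destURL")` without a status code, which PHP sends as a 302. It now goes out as a 301 with `HTTP::add_cache_headers()` applied, so browsers and the proxy may retain the redirect far longer. That is worth confirming as intended, since the target appears to be derived from request data such as the Host header.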
@ -338,11 +338,11 @@ class HTTP {
|
||||
$responseHeaders["Cache-Control"] = "max-age=" . self::$cache_age . ", must-revalidate, no-transform";
|
||||
$responseHeaders["Pragma"] = "";
|
||||
|
||||
// To do: User-Agent should only be added in situations where you *are* actually
|
||||
// To do: User-Agent should only be added in situations where you *are* actually
|
||||
// varying according to user-agent.
|
||||
$responseHeaders['Vary'] = 'Cookie, X-Forwarded-Protocol, User-Agent, Accept';
|
||||
|
||||
} else {
|
||||
}
|
||||
else {
|
||||
$responseHeaders["Cache-Control"] = "no-cache, max-age=0, must-revalidate, no-transform";
|
||||
}
|
||||
|
||||
|