Skip to content

Commit

Permalink
Check 'HTTP_' server variables via request class. Fixes #3246
Browse files Browse the repository at this point in the history
  • Loading branch information
@michalsn
michalsn committed Jul 10, 2020
1 parent 5d8dd65 commit 850ee9b
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 7 deletions.
7 changes: 3 additions & 4 deletions system/HTTP/IncomingRequest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -294,8 +294,7 @@ public function isCLI(): bool
*/
public function isAJAX(): bool
{
return ( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) &&
strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) === 'xmlhttprequest');
return $this->hasHeader('X-Requested-With') && strtolower($this->getHeader('X-Requested-With')->getValue()) === 'xmlhttprequest';
}

//--------------------------------------------------------------------
Expand All @@ -312,11 +311,11 @@ public function isSecure(): bool
{
return true;
}
elseif (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
elseif ($this->hasHeader('X-Forwarded-Proto') && $this->getHeader('X-Forwarded-Proto')->getValue() === 'https')
{
return true;
}
elseif (! empty($_SERVER['HTTP_FRONT_END_HTTPS']) && strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) !== 'off')
elseif ($this->hasHeader('Front-End-Https') && ! empty($this->getHeader('Front-End-Https')->getValue()) && strtolower($this->getHeader('Front-End-Https')->getValue()) !== 'off')
{
return true;
}
Expand Down
6 changes: 3 additions & 3 deletions tests/system/HTTP/IncomingRequestTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,7 +326,7 @@ public function testIsCLI()

public function testIsAJAX()
{
$_SERVER['HTTP_X_REQUESTED_WITH'] = 'xmlhttprequest';
$this->request->appendHeader('X-Requested-With', 'XMLHttpRequest');
$this->assertTrue($this->request->isAJAX());
}

Expand All @@ -340,13 +340,13 @@ public function testIsSecure()

public function testIsSecureFrontEnd()
{
$_SERVER['HTTP_FRONT_END_HTTPS'] = 'on';
$this->request->appendHeader('Front-End-Https', 'on');
$this->assertTrue($this->request->isSecure());
}

public function testIsSecureForwarded()
{
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
$this->request->appendHeader('X-Forwarded-Proto', 'https');
$this->assertTrue($this->request->isSecure());
}

Expand Down

0 comments on commit 850ee9b

Please sign in to comment.