author | Matthew Somerville <matthew@mysociety.org> | 2015-02-24 09:25:51 +0000 |
---|---|---|
committer | Matthew Somerville <matthew@mysociety.org> | 2015-02-24 11:05:28 +0000 |
commit | 6204281850c0a17840c3abeee6cf9b53f251d8a8 (patch) | |
tree | c71e09b795750342de503943267baaf20e19e3ec | |
parent | 032db2fbb6bd2bf0cf0cf2daa379610ab319a6a8 (diff) |
Use config variable for setting proxy trust.
Rather than hardcoding domain names, add a SECURE_PROXY_SSL_HEADER
variable that provides a trusted HTTP header and value that can be used
to determine if we're behind a HTTPS proxy.
-rw-r--r-- | conf/general.yml-example | 4 | ||||
-rw-r--r-- | perllib/FixMyStreet/App.pm | 10 |
2 files changed, 9 insertions, 5 deletions
diff --git a/conf/general.yml-example b/conf/general.yml-example
index 37e81ad5b..ec053d86d 100644
--- a/conf/general.yml-example
+++ b/conf/general.yml-example
@@ -24,6 +24,10 @@ FMS_DB_PASS: ''
 BASE_URL: 'http://www.example.org'
 # Use the below if you're using the Catalyst development server
 # BASE_URL: 'http://localhost:3000'
+SECURE_PROXY_SSL_HEADER: ''
+# If you're behind a proxy, set this to a two-element list containing the
+# trusted HTTP header and the required value. For example:
+# SECURE_PROXY_SSL_HEADER: [ 'X-Forwarded-Proto', 'https' ]
 # Email domain used for emails, and contact name/email for admin use.
 EMAIL_DOMAIN: 'example.org'
diff --git a/perllib/FixMyStreet/App.pm b/perllib/FixMyStreet/App.pm
index 769a6bb8f..2fff79cec 100644
--- a/perllib/FixMyStreet/App.pm
+++ b/perllib/FixMyStreet/App.pm
@@ -89,15 +89,15 @@ __PACKAGE__->config(
 # Start the application
 __PACKAGE__->setup();
-# Due to some current issues with proxyings, need to manually
-# tell the code we're secure if we are.
+# If your site is secure but running behind a proxy, you might need to set the
+# SECURE_PROXY_SSL_HEADER configuration variable so this can be spotted.
 after 'prepare_headers' => sub {
 my $self = shift;
 my $base_url = $self->config->{BASE_URL};
+ my $ssl_header = $self->config->{SECURE_PROXY_SSL_HEADER};
 my $host = $self->req->headers->header('Host');
- $self->req->secure( 1 ) if $base_url eq 'https://www.zueriwieneu.ch';
- $self->req->secure( 1 ) if $base_url eq 'https://www.fixmystreet.com'
- && ( $host eq 'fix.bromley.gov.uk' || $host eq 'www.fixmystreet.com' );
+ $self->req->secure(1) if $ssl_header && ref $ssl_header eq 'ARRAY'
+ && @$ssl_header == 2 && $self->req->header($ssl_header->[0]) eq $ssl_header->[1];
 };
 # set up DB handle for old code |
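Review bot: The comment added under `SECURE_PROXY_SSL_HEADER` calls the header "trusted" but does not say what makes it so; a request header carries whatever the client sent unless the proxy sets or removes it. I would add a line such as `# Only set this if your proxy always overwrites this header and the app cannot be reached except through the proxy.` Without that caveat, an operator who copies the example onto a directly reachable server ends up with plain-HTTP requests being marked as secure.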
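Review bot: The comparison `$self->req->header($ssl_header->[0]) eq $ssl_header->[1]` runs on every request once the option is configured, and when the request lacks that header the left side is presumably undef, so if warnings are enabled in this file each such request logs an uninitialized-value warning. Guarding the value, e.g. `&& ( $self->req->header($ssl_header->[0]) // '' ) eq $ssl_header->[1]` (needs Perl 5.10 or later), keeps the outcome the same and the log quiet. `my $base_url` and `my $host` are no longer read in the hook after this change and can be dropped. The comment above the hook could also state that the check is only sound when the proxy overwrites the header on every request, since `secure(1)` is otherwise decided by client-supplied input.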