Page Menu
Home
Phabricator
Search
Configure Global Search
Log In
Files
F14023104
D11894.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
3 KB
Referenced Files
None
Subscribers
None
D11894.diff
View Options
diff --git a/src/applications/config/check/PhabricatorBaseURISetupCheck.php b/src/applications/config/check/PhabricatorBaseURISetupCheck.php
--- a/src/applications/config/check/PhabricatorBaseURISetupCheck.php
+++ b/src/applications/config/check/PhabricatorBaseURISetupCheck.php
@@ -9,20 +9,53 @@
protected function executeChecks() {
$base_uri = PhabricatorEnv::getEnvConfig('phabricator.base-uri');
- if (strpos(AphrontRequest::getHTTPHeader('Host'), '.') === false) {
- $summary = pht(
- 'The domain does not contain a dot. This is necessary for some web '.
- 'browsers to be able to set cookies.');
-
- $message = pht(
- 'The domain in the base URI must contain a dot ("."), e.g. '.
- '"http://example.com", not just a bare name like "http://example/". '.
- 'Some web browsers will not set cookies on domains with no TLD.');
+ $host_header = AphrontRequest::getHTTPHeader('Host');
+ if (strpos($host_header, '.') === false) {
+ if (!strlen(trim($host_header))) {
+ $name = pht('No "Host" Header');
+ $summary = pht('No "Host" header present in request.');
+ $message = pht(
+ 'This request did not include a "Host" header. This may mean that '.
+ 'your webserver (like nginx or apache) is misconfigured so the '.
+ '"Host" header is not making it to Phabricator, or that you are '.
+ 'making a raw request without a "Host" header using a tool or '.
+ 'library.'.
+ "\n\n".
+ 'If you are using a web browser, check your webserver '.
+ 'configuration. If you are using a tool or library, check how the '.
+ 'request is being constructed.'.
+ "\n\n".
+ 'It is also possible (but very unlikely) that some other network '.
+ 'device (like a load balancer) is stripping the header.'.
+ "\n\n".
+ 'Requests must include a valid "Host" header.');
+ } else {
+ $name = pht('Bad "Host" Header');
+ $summary = pht('Request has bad "Host" header.');
+ $message = pht(
+ 'This request included an invalid "Host" header, with value "%s". '.
+ 'Host headers must contain a dot ("."), like "example.com". This '.
+ 'is required for some browsers to be able to set cookies.'.
+ "\n\n".
+ 'This may mean the base URI is configured incorrectly. You must '.
+ 'serve Phabricator from a base URI with a dot (like '.
+ '"https://phabricator.mycompany.com"), not a bare domain '.
+ '(like "https://phabricator/"). If you are trying to use a bare '.
+ 'domain, change your configuration to use a full domain with a dot '.
+ 'in it instead.'.
+ "\n\n".
+ 'This might also mean that your webserver (or some other network '.
+ 'device, like a load balancer) is mangling the "Host" header, or '.
+ 'you are using a tool or library to issue a request manually and '.
+ 'setting the wrong "Host" header.'.
+ "\n\n".
+ 'Requests must include a valid "Host" header.',
+ $host_header);
+ }
$this
- ->newIssue('config.phabricator.domain')
- ->setShortName(pht('Dotless Domain'))
- ->setName(pht('No Dot Character in Domain'))
+ ->newIssue('request.host')
+ ->setName($name)
->setSummary($summary)
->setMessage($message)
->setIsFatal(true);
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Thu, Nov 7, 10:53 PM (1 w, 5 d ago)
Storage Engine
blob
Storage Format
Encrypted (AES-256-CBC)
Storage Handle
6751730
Default Alt Text
D11894.diff (3 KB)
Attached To
Mode
D11894: Improve "Host" header check
Attached
Detach File
Event Timeline
Log In to Comment