HomePhabricator
Diffusion Phabricator a2a0f002f069

Fix `security.require-https` by marking redirect as external
a2a0f002f069
Actions

Description

Fix security.require-https by marking redirect as external

Summary:
Resolves T5937. HTTPS redirects caused by security.require-https use a full scheme, domain and port in the URI. Consequently, this causes invocation of the new external redirect logic and prevents redirection from occurring properly when accessing the HTTP version of Phabricator that has security.require-https turned on.

I've also fixed the automatic slash redirection logic to add the external flag where appropriate.

Test Plan: Configured SSL on my local machine and turned on security.require-https. Observed the "Refusing to redirect" exception on master, while the redirect completed successfully with this patch.

Reviewers: Blessed Reviewers, epriestley

Reviewed By: Blessed Reviewers, epriestley

Subscribers: epriestley, Korvin

Maniphest Tasks: T5937

Differential Revision: https://secure.phabricator.com/D10318

Details

Provenance
hach-queAuthored on
hach-quePushed on Aug 21 2014, 11:35 AM
Reviewer
Blessed Reviewers
Differential Revision
D10318: Fix `security.require-https` by marking redirect as external
Parents
rP1ffa16aa6b38: Fix invalid redirect when issuing actions on buildables
Branches
Unknown
Tags
Unknown
Tasks
T5937: Redirect to HTTPS from HTTP fails because "not marked external"

Changes (3)

PathSize
src/
aphront/
configuration/
applications/
base/
controller/

rPa2a0f002f069

View Options

src/aphront/configuration/AphrontApplicationConfiguration.php

Loading...
View Options

src/aphront/configuration/AphrontDefaultApplicationConfiguration.php

Loading...
View Options

src/applications/base/controller/PhabricatorRedirectController.php

Loading...
Phabricator ยท Built by Phacility