CMS MADE SIMPLE FORGE

CMS Made Simple Core

Back to List

[#9559] HTTPS detection is incorrect - especially for NGINX

Created By: Tantuss (Tantuss)

Date Submitted: Sat Sep 28 11:09:37 -0400 2013

Assigned To:

Version: 1.11.6

CMSMS Version: None

Severity: Minor

Resolution: Fixed

State: Closed

Summary:

HTTPS detection is incorrect - especially for NGINX

Detailed Description:

Some files are loaded from https while others are loaded from http.

HTTPS detection is incorrect, especially you get this with a default NGINX
setup.

In the file:
\lib\classes\class.cms_config.php

There is many times this written:
if( isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off' )

In NGINX the $_SERVER['HTTPS'] is always set, but if it is not https, it will be
empty.
The assumption of the code is there for incorrect, it should be something like:
if( isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS']
!= 'off' )

A quick fix for NGINX user is currently to do this:
Edit your:
/etc/nginx/fastcgi_params

There is this line:
fastcgi_param HTTPS $https;

Replace it with this:
fastcgi_param HTTPS $https if_not_empty;

History

Date: 2015-01-14 15:16
Posted By: Robert Campbell (calguy1000)

Fixed for CMSMS 1.11.12

Updated: 2015-04-21 21:41
state: Open => Closed

Updated: 2015-01-14 15:16
resolution_id: => 7
cmsms_version_id: 30122 => -1

CMSMS | CMS Made Simple

CMS MADE SIMPLE FORGE

CMS Made Simple Core

[#9559] HTTPS detection is incorrect - especially for NGINX

History