Log potential redirect loops caused by forced HTTPS

colinodell · colinodell · commit 53048cec6d72 · 2018-06-19T10:59:18.000-04:00
If the developer forgets/fails to set "trusted_proxies" properly, forcing the https channel can cause infinite redirect loops. This change will hopefully help them identify the problem faster. See #27603
diff --git a/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php b/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
@@ -46,7 +46,13 @@ public function handle(GetResponseEvent $event)
 
         if ('https' === $channel && !$request->isSecure()) {
             if (null !== $this->logger) {
-                $this->logger->info('Redirecting to HTTPS.');
+                if ('https' === $request->headers->get('X-Forwarded-Proto')) {
+                    $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
+                } elseif (false !== strpos($request->headers->get('Forwarded'), 'proto=https')) {
+                    $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
+                } else {
+                    $this->logger->info('Redirecting to HTTPS.');
+                }
             }
 
             $response = $this->authenticationEntryPoint->start($request);
