Last active
April 13, 2020 11:38
-
-
Save xZero707/62031181b565c22383cf563e3da6ae14 to your computer and use it in GitHub Desktop.
Fake HTTP(S) state for stubborn PHP app that won't operate over HTTP even though you desire it too. Pay attention to in-code comment.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| /** | |
| * Fake headers so it looks like request is coming from SSL | |
| * In my case, I'm hosting app in the isolated docker container behind nginx-proxy. | |
| * For simplicity sake, connection between nginx-proxy and the app is http. | |
| * Connection between nginx-proxy and the client is normally SSL-only (HSTS). | |
| * Wordpress in particular caused problems in this config. | |
| * NOTE: DO NOT USE THIS ON WEBSITE EXPOSED TO THE INTERNET IF SSL SECURITY IS DESIRABLE! | |
| */ | |
| $_SERVER['HTTP_UPGRADE_INSECURE_REQUESTS'] = false; | |
| $_SERVER['HTTP_X_FORWARDED_PORT'] = 443; | |
| $_SERVER['HTTP_X_FORWARDED_SSL'] = 'on'; | |
| $_SERVER['HTTPS'] = 'on'; | |
| $_SERVER['SERVER_PORT'] = 443; | |
| $_SERVER['REQUEST_SCHEME'] = 'https'; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
If this is the answer, you're almost certainly asking the wrong question.
HTTPS becomes almost mandatory nowadays, and there should be ALMOST no cases when you'll need this.
Here are A FEW exceptions I can think of: