From 4242fe291449d0e442cc8f8e276110dd2741803e Mon Sep 17 00:00:00 2001
From: Tai Kedzierski <dch.tai@gmail.com>
Date: Wed, 24 Oct 2018 17:33:09 +0100
Subject: [PATCH] Allow overriding HTTPS

In the case where the proxy does not pass `HTTP_X_FORWARDED_PROTO`, we need a way to explicitly request `https://` scheme on callbacks.

This change adds a constant `FORCE_HTTPS` which can be used to forcibly override automatic detection of HTTPS usage, when set.
---
 app/classes/Framadate/Utils.php | 7 ++++++-
 docker/stretch/entrypoint.sh    | 4 ++++
 tpl/admin/config.tpl            | 2 ++
 3 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/app/classes/Framadate/Utils.php b/app/classes/Framadate/Utils.php
index f106b6b7..afe2fafd 100644
--- a/app/classes/Framadate/Utils.php
+++ b/app/classes/Framadate/Utils.php
@@ -28,7 +28,12 @@ class Utils {
         $serverName = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : '';
         $serverPort = isset($_SERVER['SERVER_PORT']) ? $_SERVER['SERVER_PORT'] : '';
 
-        $scheme = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') || (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')) ? 'https' : 'http';
+        $scheme = (
+            (defined('FORCE_HTTPS') && FORCE_HTTPS === true) ||
+            (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ||
+            (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
+        ) ? 'https' : 'http';
+
         $port = in_array($serverPort, ['80', '443'], true) ? '' : ':' . $serverPort;
         $dirname = dirname($_SERVER['SCRIPT_NAME']);
         $dirname = $dirname === '\\' ? '/' : $dirname . '/';
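Review bot: With `FORCE_HTTPS` set the scheme becomes `https`, but the `$port` line right after the new expression still takes its suffix from `$_SERVER['SERVER_PORT']`, which behind a TLS-terminating proxy is the backend's port, not the public one. Ports 80 and 443 are stripped, so the common case works, but a backend on any other port (8080, as a constructed example) would produce `https://host:8080/`, which the proxy presumably does not serve. Consider dropping the port when the override is active, e.g. `$port = ((defined('FORCE_HTTPS') && FORCE_HTTPS === true) || in_array($serverPort, ['80', '443'], true)) ? '' : ':' . $serverPort;`, or state in the config comment that `APP_URL` must be set in that setup. The enclosing function starts and ends outside the hunk, so how `$port` and `$scheme` are combined is not visible here.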
diff --git a/docker/stretch/entrypoint.sh b/docker/stretch/entrypoint.sh
index b94adcd3..ed285926 100755
--- a/docker/stretch/entrypoint.sh
+++ b/docker/stretch/entrypoint.sh
@@ -3,6 +3,7 @@
 # Read environment variables or set default values
 FRAMADATE_CONFIG=${FRAMADATE_CONFIG:-/var/www/framadate/app/inc/config.php}
 DOMAIN=${DOMAIN-localhost}
+FORCE_HTTPS=${FORCE_HTTPS-false}
 APP_NAME=${APP_NAME-Framadate}
 ADMIN_MAIL=${ADMIN_MAIL-}
 NO_REPLY_MAIL=${NO_REPLY_MAIL-}
@@ -21,6 +22,9 @@ if [ ! -f $FRAMADATE_CONFIG ]; then
   if [ ! -z "$DOMAIN" ]; then
     sed -i -E "s/^(\/\/ )?const APP_URL( )?=.*;/const APP_URL = '$DOMAIN';/g" $FRAMADATE_CONFIG
   fi
+  if [ "$FORCE_HTTPS" =~ true ]; then
+    sed -i -E "s/^(\/\/ )?const FORCE_HTTPS\\s*=.*;/const FORCE_HTTPS = true;/" $FRAMADATE_CONFIG
+  fi
   sed -i -E "s/^(\/\/ )?const NOMAPPLICATION( )?=.*;/const NOMAPPLICATION = '$APP_NAME';/g" $FRAMADATE_CONFIG
   # Configure mail
   sed -i -E "s/^(\/\/ )?const ADRESSEMAILADMIN( )?=.*;/const ADRESSEMAILADMIN = '$ADMIN_MAIL';/g" $FRAMADATE_CONFIG
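Review bot: The added test `[ "$FORCE_HTTPS" =~ true ]` uses `=~`, which is a bash `[[ ]]` operator that `[` does not understand. The test fails with an error status, so the `sed` that enables `FORCE_HTTPS` never runs and the container silently falls back to scheme auto-detection, producing `http://` links in exactly the setup this option targets. Use an exact comparison instead, `if [ "$FORCE_HTTPS" = "true" ]; then`, which also avoids a regex match accepting any value that merely contains `true`. The shebang is outside the hunk, so if the script runs under `/bin/sh` the `[[ ]]` form would not be a safe alternative.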
diff --git a/tpl/admin/config.tpl b/tpl/admin/config.tpl
index 2f676700..af88622e 100644
--- a/tpl/admin/config.tpl
+++ b/tpl/admin/config.tpl
@@ -22,6 +22,8 @@
 // You *have to set this* if you are running Framadate behind a reverse proxy.
 // const APP_URL = '<www.mydomain.fr>';
 
+// const FORCE_HTTPS = false;
+
 // Application name
 const NOMAPPLICATION = '{$appName|addslashes_single_quote}';
 
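Review bot: The new `// const FORCE_HTTPS = false;` line is the only setting in this part of the template with no explanatory comment, so an administrator cannot tell when to enable it or what it overrides. A comment such as `// Set to true to always generate https:// URLs, e.g. when the reverse proxy terminates TLS but does not send X-Forwarded-Proto.` above it would match the style of the `APP_URL` entry. It is also worth noting there that the value must be the boolean `true`, since the check in `Utils.php` is `FORCE_HTTPS === true` and a string such as `'true'` is ignored.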
-- 
GitLab