From 2f7dae4a77fa0b687f13ae9e4e73c496ba3d349b Mon Sep 17 00:00:00 2001
From: Cal Wing
Date: Sat, 22 Mar 2025 13:17:41 +1000
Subject: [PATCH 1/7] Add support for X-Forwarded-Prefix
---
 src/OpenIDConnectClient.php | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index 7b859c56..1e8a8427 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -711,6 +711,13 @@ public function getRedirectURL(): string
 $port = (443 === $port) || (80 === $port) ? '' : ':' . $port;
 $explodedRequestUri = isset($_SERVER['REQUEST_URI']) ? explode('?', $_SERVER['REQUEST_URI']) : [];
+
+ // Add support for X-Forwarded-Prefix
+ if (isset($_SERVER['HTTP_X_FORWARDED_PREFIX'])) {
+ $locationPrefix = $_SERVER['HTTP_X_FORWARDED_PREFIX'];
+ $explodedRequestUri[0] = isset($explodedRequestUri[0]) ? $locationPrefix.$explodedRequestUri[0] : $locationPrefix;
+ }
+
 return sprintf('%s://%s%s/%s', $protocol, $host, $port, trim(reset($explodedRequestUri), '/'));
 }
From 2a00477e27dc1e1e4fd1a7fd09a60047369e6b4b Mon Sep 17 00:00:00 2001
From: Cal Wing
Date: Sat, 22 Mar 2025 13:25:42 +1000
Subject: [PATCH 2/7] Add support for X-Forwarded-Host
---
 src/OpenIDConnectClient.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index 1e8a8427..6afa17c9 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -698,7 +698,9 @@ public function getRedirectURL(): string
 $port = 80;
 }
- if (isset($_SERVER['HTTP_HOST'])) {
+ if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
+ $host = $_SERVER['HTTP_X_FORWARDED_HOST'];
+ } elseif (isset($_SERVER['HTTP_HOST'])) {
 $host = explode(':', $_SERVER['HTTP_HOST'])[0];
 } elseif (isset($_SERVER['SERVER_NAME'])) {
 $host = $_SERVER['SERVER_NAME'];
From 7007bd870f43ec78a8bc8d84c1a39fac1f8cf7c5 Mon Sep 17 00:00:00 2001
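Review bot: `$_SERVER['HTTP_X_FORWARDED_PREFIX']` is concatenated into the redirect URL without validation, and its value is whatever the client sent unless a fronting proxy overwrites the header; the same applies to `HTTP_X_FORWARDED_HOST` in the [PATCH 2/7] hunk. Both should be honoured only when the deployment has opted in to trusting proxy headers, with an explicitly configured redirect URL preferred otherwise, since this URL is presumably what gets sent to the provider as the redirect_uri. The prefix also bypasses the `explode('?', ...)` stripping applied to REQUEST_URI, and a trailing slash yields `//` in the path; `$locationPrefix = rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/');` fixes the latter. getRedirectURL() begins above the hunk.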
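Review bot: The new `HTTP_X_FORWARDED_HOST` branch assigns the raw header value to `$host`, while the `HTTP_HOST` branch right below it strips the port with `explode(':', ...)[0]`. A forwarded value that carries a port, or a comma-separated chain from several proxies, would land verbatim in the URL, and with a non-default `$port` the port would be appended a second time by the `sprintf` seen in [PATCH 1/7]. Taking the first list entry and dropping the port keeps the branches consistent: `$host = explode(':', trim(explode(',', $_SERVER['HTTP_X_FORWARDED_HOST'])[0]))[0];`. The if/elseif chain continues past the end of the hunk.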
From: Cal Wing
Date: Sat, 22 Mar 2025 13:28:46 +1000
Subject: [PATCH 3/7] Add X-Forwarded-* Tests
---
 tests/OpenIDConnectClientTest.php | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/tests/OpenIDConnectClientTest.php b/tests/OpenIDConnectClientTest.php
index 4b46923d..b91b74c1 100644
--- a/tests/OpenIDConnectClientTest.php
+++ b/tests/OpenIDConnectClientTest.php
@@ -104,6 +104,17 @@ public function testGetRedirectURL()
 $_SERVER['SERVER_PORT'] = '8888';
 self::assertSame('http://domain.test:8888/path/index.php', $client->getRedirectURL());
+
+
+ // HTTP_X_FORWARDED_* Tests
+ $_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
+ self::assertSame('https://domain.test:8888/path/index.php', $client->getRedirectURL());
+
+ $_SERVER['HTTP_X_FORWARDED_HOST'] = 'example.org';
+ self::assertSame('https://example.org:9999/path/index.php', $client->getRedirectURL());
+
+ $_SERVER['HTTP_X_FORWARDED_PREFIX'] = '/prefix';
+ self::assertSame('https://example.org:9999/prefix/path/index.php', $client->getRedirectURL());
 }
 public function testAuthenticateDoesNotThrowExceptionIfClaimsIsMissingNonce()
From 910dd2b351417686d1b137c83b98a2e3b5fad3c6 Mon Sep 17 00:00:00 2001
From: Cal Wing
Date: Sat, 22 Mar 2025 13:31:34 +1000
Subject: [PATCH 4/7] Bump changelog
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a6ef83d6..1002e068 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 ### Changed
+- Added support for X-Forwarded-Host & X-Forwarded-Prefix headers
+- Added tests for X-Forwarded-Proto, X-Forwarded-Host & X-Forwarded-Prefix Headers
 - Stop adding ?schema=openid to userinfo endpoint URL. #449
 ## [1.0.1] - 2024-09-13
From b0b5a4262949ae3edc43c42b38f3291d13e56e13 Mon Sep 17 00:00:00 2001
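Review bot: The three `$_SERVER['HTTP_X_FORWARDED_*']` keys set in this hunk are still set when testGetRedirectURL() returns, so any later test in the same process that calls getRedirectURL() sees the forwarded values unless a tearDown outside this hunk resets `$_SERVER`. Ending the test with `unset($_SERVER['HTTP_X_FORWARDED_PROTO'], $_SERVER['HTTP_X_FORWARDED_HOST'], $_SERVER['HTTP_X_FORWARDED_PREFIX']);` keeps it self-contained. The cases also cover only well-formed values; a forwarded host that carries a port and a prefix with a trailing slash would pin down how malformed proxy headers are handled. The test method begins above the hunk.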
From: Cal Wing
Date: Sun, 6 Apr 2025 15:18:21 +1000
Subject: [PATCH 5/7] Fix port in tests
---
 tests/OpenIDConnectClientTest.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/OpenIDConnectClientTest.php b/tests/OpenIDConnectClientTest.php
index b91b74c1..01d6543c 100644
--- a/tests/OpenIDConnectClientTest.php
+++ b/tests/OpenIDConnectClientTest.php
@@ -111,10 +111,10 @@ public function testGetRedirectURL()
 self::assertSame('https://domain.test:8888/path/index.php', $client->getRedirectURL());
 $_SERVER['HTTP_X_FORWARDED_HOST'] = 'example.org';
- self::assertSame('https://example.org:9999/path/index.php', $client->getRedirectURL());
+ self::assertSame('https://example.org:8888/path/index.php', $client->getRedirectURL());
 $_SERVER['HTTP_X_FORWARDED_PREFIX'] = '/prefix';
- self::assertSame('https://example.org:9999/prefix/path/index.php', $client->getRedirectURL());
+ self::assertSame('https://example.org:8888/prefix/path/index.php', $client->getRedirectURL());
 }
 public function testAuthenticateDoesNotThrowExceptionIfClaimsIsMissingNonce()
From e998f7883d1cdd444e1c074820d17d3aa6e1f31c Mon Sep 17 00:00:00 2001
From: Cal Wing
Date: Wed, 30 Apr 2025 17:35:33 +1000
Subject: [PATCH 6/7] Removed mention of tests from CHANGELOG.md
---
 CHANGELOG.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1002e068..f2e466fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 ### Changed
-- Added support for X-Forwarded-Host & X-Forwarded-Prefix headers
-- Added tests for X-Forwarded-Proto, X-Forwarded-Host & X-Forwarded-Prefix Headers
+- Added support for `X-Forwarded-Host` & `X-Forwarded-Prefix` headers
 - Stop adding ?schema=openid to userinfo endpoint URL. #449
 ## [1.0.1] - 2024-09-13
From 095ad54ee084cf77ee53da052b1259f0cdfaf498 Mon Sep 17 00:00:00 2001
From: Cal Wing <20716204+calw20@users.noreply.github.com>
Date: Wed, 30 Apr 2025 17:40:37 +1000
Subject: [PATCH 7/7] Removed mention of tests from CHANGELOG.md
---
 CHANGELOG.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1002e068..f2e466fc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [unreleased]
 ### Changed
-- Added support for X-Forwarded-Host & X-Forwarded-Prefix headers
-- Added tests for X-Forwarded-Proto, X-Forwarded-Host & X-Forwarded-Prefix Headers
+- Added support for `X-Forwarded-Host` & `X-Forwarded-Prefix` headers
 - Stop adding ?schema=openid to userinfo endpoint URL. #449
 ## [1.0.1] - 2024-09-13