Skip to content

Add support for X-Forwarded-Host & X-Forwarded-Prefix Headers #468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 8 commits into
base: master
Choose a base branch
from
Open

Add support for X-Forwarded-Host & X-Forwarded-Prefix Headers #468

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2f7dae4
Add support for X-Forwarded-Prefix
Mar 22, 2025
2a00477
Add support for X-Forwarded-Host
Mar 22, 2025
7007bd8
Add X-Forwarded-* Tests
Mar 22, 2025
910dd2b
Bump changelog
Mar 22, 2025
b0b5a42
Fix port in tests
Apr 6, 2025
e998f78
Removed mention of tests from CHANGELOG.md
Apr 30, 2025
095ad54
Removed mention of tests from CHANGELOG.md
calw20 Apr 30, 2025
fa29032
Merge branch 'master' of https://github.com/calw20/OpenID-Connect-PHP
calw20 Apr 30, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## [unreleased]

### Changed
- Added support for `X-Forwarded-Host` & `X-Forwarded-Prefix` headers
- Stop adding ?schema=openid to userinfo endpoint URL. #449

## [1.0.1] - 2024-09-13
Expand Down
11 changes: 10 additions & 1 deletion src/OpenIDConnectClient.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -698,7 +698,9 @@ public function getRedirectURL(): string
$port = 80;
}

if (isset($_SERVER['HTTP_HOST'])) {
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
} elseif (isset($_SERVER['HTTP_HOST'])) {
$host = explode(':', $_SERVER['HTTP_HOST'])[0];
} elseif (isset($_SERVER['SERVER_NAME'])) {
$host = $_SERVER['SERVER_NAME'];
Expand All @@ -711,6 +713,13 @@ public function getRedirectURL(): string
$port = (443 === $port) || (80 === $port) ? '' : ':' . $port;

$explodedRequestUri = isset($_SERVER['REQUEST_URI']) ? explode('?', $_SERVER['REQUEST_URI']) : [];

// Add support for X-Forwarded-Prefix
if (isset($_SERVER['HTTP_X_FORWARDED_PREFIX'])) {
$locationPrefix = $_SERVER['HTTP_X_FORWARDED_PREFIX'];
$explodedRequestUri[0] = isset($explodedRequestUri[0]) ? $locationPrefix.$explodedRequestUri[0] : $locationPrefix;
}

return sprintf('%s://%s%s/%s', $protocol, $host, $port, trim(reset($explodedRequestUri), '/'));
}

Expand Down
11 changes: 11 additions & 0 deletions tests/OpenIDConnectClientTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,6 +104,17 @@ public function testGetRedirectURL()

$_SERVER['SERVER_PORT'] = '8888';
self::assertSame('http://domain.test:8888/path/index.php', $client->getRedirectURL());


// HTTP_X_FORWARDED_* Tests
$_SERVER['HTTP_X_FORWARDED_PROTO'] = 'https';
self::assertSame('https://domain.test:8888/path/index.php', $client->getRedirectURL());

$_SERVER['HTTP_X_FORWARDED_HOST'] = 'example.org';
self::assertSame('https://example.org:8888/path/index.php', $client->getRedirectURL());

$_SERVER['HTTP_X_FORWARDED_PREFIX'] = '/prefix';
self::assertSame('https://example.org:8888/prefix/path/index.php', $client->getRedirectURL());
}

public function testAuthenticateDoesNotThrowExceptionIfClaimsIsMissingNonce()
Expand Down