Log potential redirect loops caused by forced HTTPS

colinodell · colinodell · commit 15748c7b87b5 · 2018-06-14T12:25:03.000-04:00
If the developer forgets/fails to set "trusted_proxies" properly, forcing the https channel can cause infinite redirect loops. This change will hopefully help them identify the problem faster. See #27603
diff --git a/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php b/src/Symfony/Component/Security/Http/Firewall/ChannelListener.php
@@ -47,6 +47,9 @@ public function handle(GetResponseEvent $event)
         if ('https' === $channel && !$request->isSecure()) {
             if (null !== $this->logger) {
                 $this->logger->info('Redirecting to HTTPS.');
+                if ('https' === $request->headers->get('X-Forwarded-Proto')) {
+                    $this->logger->debug('Possible redirect loop - did you set "trusted_proxies" correctly?');
+                }
             }
 
             $response = $this->authenticationEntryPoint->start($request);

Original file line number	Diff line number	Diff line change
`@@ -47,6 +47,9 @@ public function handle(GetResponseEvent $event)`
`47`	`47`	`if ('https' === $channel && !$request->isSecure()) {`
`48`	`48`	`if (null !== $this->logger) {`
`49`	`49`	`$this->logger->info('Redirecting to HTTPS.');`
	`50`	`+ if ('https' === $request->headers->get('X-Forwarded-Proto')) {`
	`51`	`+ $this->logger->debug('Possible redirect loop - did you set "trusted_proxies" correctly?');`
	`52`	`+ }`
`50`	`53`	`}`
`51`	`54`
`52`	`55`	`$response = $this->authenticationEntryPoint->start($request);`