diff options
| -rw-r--r-- | app/install.php | 3 | ||||
| -rw-r--r-- | lib/Minz/Session.php | 6 |
2 files changed, 7 insertions, 2 deletions
diff --git a/app/install.php b/app/install.php index dc79c2388..b15cc76ea 100644 --- a/app/install.php +++ b/app/install.php @@ -7,7 +7,8 @@ header("Content-Security-Policy: default-src 'self'"); require(LIB_PATH . '/lib_install.php'); session_name('FreshRSS'); -session_set_cookie_params(0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true); +$forwardedPrefix = empty($_SERVER['HTTP_X_FORWARDED_PREFIX']) ? '' : rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ '); +session_set_cookie_params(0, $forwardedPrefix . dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true); session_start(); if (isset($_GET['step'])) { diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index c94f2b646..97b15c4d0 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -61,7 +61,11 @@ class Minz_Session { public static function getCookieDir() { // Get the script_name (e.g. /p/i/index.php) and keep only the path. - $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; + $cookie_dir = ''; + if (!empty($_SERVER['HTTP_X_FORWARDED_PREFIX'])) { + $cookie_dir .= rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ '); + } + $cookie_dir .= empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; if (substr($cookie_dir, -1) !== '/') { $cookie_dir = dirname($cookie_dir) . '/'; } |