From e9d50f48eb376766ebdb4a7d7e10d15bf863d5a7 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 27 Dec 2018 22:57:30 +0100 Subject: HTTP_X_FORWARDED_PREFIX for cookie path (#2201) Forgotten. Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2191 --- app/install.php | 3 ++- lib/Minz/Session.php | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/app/install.php b/app/install.php index dc79c2388..b15cc76ea 100644 --- a/app/install.php +++ b/app/install.php @@ -7,7 +7,8 @@ header("Content-Security-Policy: default-src 'self'"); require(LIB_PATH . '/lib_install.php'); session_name('FreshRSS'); -session_set_cookie_params(0, dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true); +$forwardedPrefix = empty($_SERVER['HTTP_X_FORWARDED_PREFIX']) ? '' : rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ '); +session_set_cookie_params(0, $forwardedPrefix . dirname(empty($_SERVER['REQUEST_URI']) ? '/' : dirname($_SERVER['REQUEST_URI'])), null, false, true); session_start(); if (isset($_GET['step'])) { diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index c94f2b646..97b15c4d0 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -61,7 +61,11 @@ class Minz_Session { public static function getCookieDir() { // Get the script_name (e.g. /p/i/index.php) and keep only the path. - $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; + $cookie_dir = ''; + if (!empty($_SERVER['HTTP_X_FORWARDED_PREFIX'])) { + $cookie_dir .= rtrim($_SERVER['HTTP_X_FORWARDED_PREFIX'], '/ '); + } + $cookie_dir .= empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; if (substr($cookie_dir, -1) !== '/') { $cookie_dir = dirname($cookie_dir) . '/'; } -- cgit v1.2.3