yii2: [Web][Request] getIsSecureConnection doesn't handle SSL request behind ELB

Hi,

There is an issue with determining if connection is secure.

\yii\web\Request:526 function getIsSecureConnection

Correctly checks for HTTP_X_FORWARDED_PROTO header which is set by ELB if ELB listener is set to HTTPS protocol.

BUT if you want to use websockets in your app, you have to set your ELB to use SSL instead of HTTPS and using SSL doesn’t set the above mentioned header.

Hence all my route rules for subdomain: https://<module>.domain.com' => '<module>/default are looking for match with ‘http://’ and therefore not working.

Maybe would be good to have some fallback that checks https in the url?

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 33 (17 by maintainers)

Most upvoted comments

ELB ok, but on other reverse proxy/LB, there many framework supporting use of x-forward- header !

like symfony for exemple : http://symfony.com/doc/current/request/load_balancer_reverse_proxy.html

like that you can acces your site from diffrente url through different lb…

+1
mcarbonneaux on Jul 5, 2017
Read more comments on GitHub
← yii2: UrlRule Problem with trailing slash (/)
yii2: Wrong mime type detection for CSV files →