Symfony2 Infinite Redirect Loop with Schema Routing Settings

I have the following controller with routing annotation:

    /**
     * @Route("/checkout/", name="checkout", schemes = "https")
     */
    public function indexAction(Request $request)
    {
        //...do stuff
    }

This works fine on my development server, however on my production server I get an infinite redirect route. I looked through the logs and this is caused by Symfony, not Apache. It does this all over again until my browser stops:

 [2014-10-28 17:32:28] request.INFO: Matched route "checkout" (parameters: "_controller": "Symfony\Bundle\FrameworkBundle\Controller\RedirectController::urlRedirectAction", "path": "/checkout/", "permanent": "true", "scheme": "https", "httpPort": "80", "httpsPort": "443", "_route": "checkout") [] [] 

This does not make sense, since the page request IS through HTTPS:

https://example.com/checkout/

I have no access_control parameters in security.yml that cover this. It is strange that all other controllers that do not use scheme = "https" work.

+5
2 answers

It turned out that my SSL setting was configured at the server level, and not at the VirtualHost level, so Apache did not set the PHP server variable "HTTPS", although HTTPS was used. This is the variable used by Symfony to determine if a request is secure or not. Adding the various SSL directives directly to my VirtualHost entry resolved the problem. Hope this helps someone.

+2

Perhaps your Symfony application is behind a proxy/load balancer that terminates SSL (haproxy, nginx). These proxies usually add a special header to inform the application that the original request was sent via HTTPS. The problem is that Symfony ignores this header because it is too easy to fake.

To fix this, add the following line to your web/app.php after the $request is created:

    // Trust all requests as they can only come from the load balancer
    Request::setTrustedProxies(array($request->server->get('REMOTE_ADDR')));

This means that Symfony can trust the scheme header and does not need to redirect to HTTPS.

+4
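
Both answers come down to how the application decides that a request is HTTPS. The following is an added example, not code from the question, the answers or Symfony: a simplified model of that decision, run over constructed requests to compare no trusted proxy, an allowlisted load balancer address, and the REMOTE_ADDR setting from the second answer. The function names, the addresses 10.0.0.10 and 203.0.113.7, and the X-Forwarded-Proto header name are assumptions made for the illustration.

```php
<?php
// Added example: a simplified model of the scheme check, not Symfony's source.

// True when the request should be treated as HTTPS.
function isSecure(array $server, array $trustedProxies)
{
    // TLS terminated by the web server itself: PHP sees HTTPS=on.
    $https = isset($server['HTTPS']) ? $server['HTTPS'] : '';
    if ($https !== '' && strtolower($https) !== 'off') {
        return true;
    }
    // TLS terminated upstream: believe X-Forwarded-Proto only when the
    // directly connected peer is an allowlisted proxy.
    $peer  = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    $proto = isset($server['HTTP_X_FORWARDED_PROTO']) ? $server['HTTP_X_FORWARDED_PROTO'] : '';
    return in_array($peer, $trustedProxies, true) && strtolower($proto) === 'https';
}

// A route limited to https answers with a redirect until isSecure() is true.
function checkout(array $server, array $trustedProxies)
{
    return isSecure($server, $trustedProxies) ? '200' : '301 to https';
}

// Constructed requests (addresses are sample values, not from the page).
$requests = array(
    'TLS on vhost, HTTPS=on'       => array('REMOTE_ADDR' => '203.0.113.7', 'HTTPS' => 'on'),
    'TLS used, HTTPS var unset'    => array('REMOTE_ADDR' => '203.0.113.7'),
    'via load balancer 10.0.0.10'  => array('REMOTE_ADDR' => '10.0.0.10', 'HTTP_X_FORWARDED_PROTO' => 'https'),
    'direct client, forged header' => array('REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'),
);

foreach ($requests as $label => $server) {
    printf(
        "%-30s none: %-13s allowlist: %-13s REMOTE_ADDR: %s\n",
        $label,
        checkout($server, array()),
        checkout($server, array('10.0.0.10')),
        checkout($server, array($server['REMOTE_ADDR']))
    );
}
```

Only the allowlist column still redirects the direct client with the forged header. The REMOTE_ADDR setting behaves the same way only when the application server accepts connections from the load balancer alone, as the answer's comment assumes.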

Source: https://habr.com/ru/post/1205735/

