Patch-2-of-2-Magento_Checkout-fix-isSecure.patch
--- a/Controller/Index/Index.php
+++ b/Controller/Index/Index.php
@@ -51,18 +51,16 @@ class Index extends \Magento\Checkout\Controller\Onepage
*/
private function isSecureRequest(): bool
{
- $secure = false;
$request = $this->getRequest();
- if ($request->isSecure()) {
- $secure = true;
- }
+ $referrer = $request->getHeader('referer');
+ $secure = false;
- if ($request->getHeader('referer')) {
- $scheme = parse_url($request->getHeader('referer'), PHP_URL_SCHEME);
+ if ($referrer) {
+ $scheme = parse_url($referrer, PHP_URL_SCHEME);
$secure = $scheme === 'https';
}
- return $secure;
+ return $secure && $request->isSecure();
}
}
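Review bot: `isSecureRequest()` still bases its answer on the client-supplied `Referer` header and inspects only its scheme, so at `$secure = $scheme === 'https';` an `https` referer from any host passes. Judging by the comment in the IndexTest.php hunk, a `true` result is what lets the caller skip session regeneration, so if the intent is "the previous page was an HTTPS page of this store", the host of `$referrer` should presumably also be compared with the store's own base URL host. The docblock, which starts above the hunk, should at least record the new fail-safe behaviour, for example `// Referer is client-controlled: a missing, malformed or non-https value must fall through to session regeneration.`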
--- a/Test/Unit/Controller/Index/IndexTest.php
+++ b/Test/Unit/Controller/Index/IndexTest.php
@@ -236,26 +236,27 @@ class IndexTest extends \PHPUnit\Framework\TestCase
public function sessionRegenerationDataProvider(): array
{
return [
+ [
+ 'secure' => false,
+ 'referer' => 'https://test.domain.com/',
+ 'expectedCall' => self::once()
+ ],
[
'secure' => true,
'referer' => false,
- 'expectedCall' => self::never()
+ 'expectedCall' => self::once()
],
[
'secure' => true,
- 'referer' => 'https://test.domain.com/',
- 'expectedCall' => self::never()
+ 'referer' => 'http://test.domain.com/',
+ 'expectedCall' => self::once()
],
+ // This is the only case in which session regeneration can be skipped
[
- 'secure' => false,
+ 'secure' => true,
'referer' => 'https://test.domain.com/',
'expectedCall' => self::never()
],
- [
- 'secure' => true,
- 'referer' => 'http://test.domain.com/',
- 'expectedCall' => self::once()
- ]
];
}
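Review bot: The provider has no row for an insecure request without a referer, so `'secure' => false` is only exercised together with an https referer. Adding `['secure' => false, 'referer' => false, 'expectedCall' => self::once()],` would pin the default path where both signals are absent. A row with a malformed referer value would likewise document that a non-string result from `parse_url()` ends in regeneration. The rows are positional; string keys such as `'secure request, https referer' => [...]` would make a failing data set identifiable in the PHPUnit output.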
--
2.15.0