vendor/symfony/security-http/Firewall/ChannelListener.php line 28

  1. <?php
  2. /*
  3.  * This file is part of the Symfony package.
  4.  *
  5.  * (c) Fabien Potencier <[email protected]>
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  10. namespace Symfony\Component\Security\Http\Firewall;
  11. use Psr\Log\LoggerInterface;
  12. use Symfony\Component\HttpFoundation\RedirectResponse;
  13. use Symfony\Component\HttpFoundation\Request;
  14. use Symfony\Component\HttpKernel\Event\RequestEvent;
  15. use Symfony\Component\Security\Http\AccessMapInterface;
  16. /**
  17.  * ChannelListener switches the HTTP protocol based on the access control
  18.  * configuration.
  19.  *
  20.  * @author Fabien Potencier <[email protected]>
  21.  *
  22.  * @final
  23.  */
  24. class ChannelListener extends AbstractListener
  25. {
  26.     private AccessMapInterface $map;
  27.     private ?LoggerInterface $logger;
  28.     private int $httpPort;
  29.     private int $httpsPort;
  30.     public function __construct(AccessMapInterface $mapLoggerInterface $logger nullint $httpPort 80int $httpsPort 443)
  31.     {
  32.         $this->map $map;
  33.         $this->logger $logger;
  34.         $this->httpPort $httpPort;
  35.         $this->httpsPort $httpsPort;
  36.     }
  37.     /**
  38.      * Handles channel management.
  39.      */
  40.     public function supports(Request $request): ?bool
  41.     {
  42.         [, $channel] = $this->map->getPatterns($request);
  43.         if ('https' === $channel && !$request->isSecure()) {
  44.             if (null !== $this->logger) {
  45.                 if ('https' === $request->headers->get('X-Forwarded-Proto')) {
  46.                     $this->logger->info('Redirecting to HTTPS. ("X-Forwarded-Proto" header is set to "https" - did you set "trusted_proxies" correctly?)');
  47.                 } elseif (str_contains($request->headers->get('Forwarded'''), 'proto=https')) {
  48.                     $this->logger->info('Redirecting to HTTPS. ("Forwarded" header is set to "proto=https" - did you set "trusted_proxies" correctly?)');
  49.                 } else {
  50.                     $this->logger->info('Redirecting to HTTPS.');
  51.                 }
  52.             }
  53.             return true;
  54.         }
  55.         if ('http' === $channel && $request->isSecure()) {
  56.             $this->logger?->info('Redirecting to HTTP.');
  57.             return true;
  58.         }
  59.         return false;
  60.     }
  61.     public function authenticate(RequestEvent $event)
  62.     {
  63.         $request $event->getRequest();
  64.         $event->setResponse($this->createRedirectResponse($request));
  65.     }
  66.     private function createRedirectResponse(Request $request): RedirectResponse
  67.     {
  68.         $scheme $request->isSecure() ? 'http' 'https';
  69.         if ('http' === $scheme && 80 != $this->httpPort) {
  70.             $port ':'.$this->httpPort;
  71.         } elseif ('https' === $scheme && 443 != $this->httpsPort) {
  72.             $port ':'.$this->httpsPort;
  73.         } else {
  74.             $port '';
  75.         }
  76.         $qs $request->getQueryString();
  77.         if (null !== $qs) {
  78.             $qs '?'.$qs;
  79.         }
  80.         $url $scheme.'://'.$request->getHost().$port.$request->getBaseUrl().$request->getPathInfo().$qs;
  81.         return new RedirectResponse($url301);
  82.     }
  83. }