Merge remote-tracking branch 'origin/MAGETWO-52923-Varnish-ssl' into pr

Author: Igor Melnikov

app/code/Magento/PageCache/Model/Config.php

@@ -147,7 +147,13 @@ protected function _getReplacements()
                 \Magento\Store\Model\ScopeInterface::SCOPE_STORE
             ),
             '/* {{ ips }} */' => $this->_getAccessList(),
-            '/* {{ design_exceptions_code }} */' => $this->_getDesignExceptions()
+            '/* {{ design_exceptions_code }} */' => $this->_getDesignExceptions(),
+            // http headers get transformed by php `X-Forwarded-Proto: https` becomes $SERVER['HTTP_X_FORWARDED_PROTO'] = 'https'
+            // Apache and Nginx drop all headers with underlines by default.
+            '/* {{ ssl_offloaded_header }} */' => str_replace('_', '-', $this->_scopeConfig->getValue(
+                \Magento\Framework\HTTP\PhpEnvironment\Request::XML_PATH_OFFLOADER_HEADER,
+                \Magento\Store\Model\ScopeInterface::SCOPE_STORE))
+
         ];
     }
 

app/code/Magento/PageCache/Observer/ProcessLayoutRenderElement.php

@@ -59,6 +59,8 @@ protected function _wrapEsi(
                 'handles' => json_encode($layout->getUpdate()->getHandles())
             ]
         );
+        // Varnish does not support esi over https must change to http
+        $url = (substr($url, 0, 5) === 'https') ? 'http' . substr($url, 5) : $url;
         return sprintf('<esi:include src="%s" />', $url);
     }
 

app/code/Magento/PageCache/etc/varnish3.vcl

@@ -1,5 +1,7 @@
 import std;
 # The minimal Varnish version is 3.0.5
+# For SSL offloading, pass the following header in your proxy server or load balancer: '/* {{ ssl_offloaded_header }} */: https'
+
 
 backend default {
     .host = "/* {{ host }} */";
@@ -61,6 +63,7 @@ sub vcl_recv {
     # static files are always cacheable. remove SSL flag and cookie
     if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|gz|tgz|bz2|tbz|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") {
         unset req.http.Https;
+        unset req.http./* {{ ssl_offloaded_header }} */;
         unset req.http.Cookie;
     }
 
@@ -73,6 +76,10 @@ sub vcl_hash {
     if (req.http.cookie ~ "X-Magento-Vary=") {
         hash_data(regsub(req.http.cookie, "^.*?X-Magento-Vary=([^;]+);*.*$", "\1"));
     }
+
+    if (req.http./* {{ ssl_offloaded_header }} */) {
+        hash_data(req.http./* {{ ssl_offloaded_header }} */);
+    }
     /* {{ design_exceptions_code }} */
 }
 

app/code/Magento/PageCache/etc/varnish4.vcl

@@ -2,6 +2,7 @@ vcl 4.0;
 
 import std;
 # The minimal Varnish version is 4.0
+# For SSL offloading, pass the following header in your proxy server or load balancer: '/* {{ ssl_offloaded_header }} */: https'
 
 backend default {
     .host = "/* {{ host }} */";
@@ -74,6 +75,7 @@ sub vcl_recv {
     # static files are always cacheable. remove SSL flag and cookie
         if (req.url ~ "^/(pub/)?(media|static)/.*\.(ico|css|js|jpg|jpeg|png|gif|tiff|bmp|mp3|ogg|svg|swf|woff|woff2|eot|ttf|otf)$") {
         unset req.http.Https;
+        unset req.http./* {{ ssl_offloaded_header }} */;
         unset req.http.Cookie;
     }
 
@@ -93,8 +95,8 @@ sub vcl_hash {
     }
 
     # To make sure http users don't see ssl warning
-    if (req.http.X-Forwarded-Proto) {
-        hash_data(req.http.X-Forwarded-Proto);
+    if (req.http./* {{ ssl_offloaded_header }} */) {
+        hash_data(req.http./* {{ ssl_offloaded_header }} */);
     }
     /* {{ design_exceptions_code }} */
 }

app/code/Magento/Store/etc/config.xml

@@ -76,7 +76,7 @@
                 <base_link_url>{{secure_base_url}}</base_link_url>
                 <use_in_frontend>0</use_in_frontend>
                 <use_in_adminhtml>0</use_in_adminhtml>
-                <offloader_header>SSL_OFFLOADED</offloader_header>
+                <offloader_header>X-Forwarded-Proto</offloader_header>
             </secure>
             <session>
                 <use_remote_addr>0</use_remote_addr>

app/code/Magento/Webapi/Test/Unit/Controller/SoapTest.php

@@ -49,12 +49,16 @@ class SoapTest extends \PHPUnit_Framework_TestCase
      */
     protected $_appStateMock;
 
+
+    protected $_appconfig;
     /**
      * Set up Controller object.
      */
     protected function setUp()
     {
         parent::setUp();
+        
+        $objectManagerHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
 
         $this->_soapServerMock = $this->getMockBuilder('Magento\Webapi\Model\Soap\Server')
             ->disableOriginalConstructor()
@@ -95,6 +99,15 @@ protected function setUp()
             ->method('getHeaders')
             ->will($this->returnValue(new \Zend\Http\Headers()));
 
+        $appconfig = $this->getMock(\Magento\Framework\App\Config::class, [], [], '' , false);
+        $objectManagerHelper->setBackwardCompatibleProperty(
+            $this->_requestMock,
+            'appConfig',
+            $appconfig
+        );
+
+
+
         $this->_soapServerMock->expects($this->any())->method('setWSDL')->will($this->returnSelf());
         $this->_soapServerMock->expects($this->any())->method('setEncoding')->will($this->returnSelf());
         $this->_soapServerMock->expects($this->any())->method('setReturnResponse')->will($this->returnSelf());

dev/tests/integration/testsuite/Magento/Store/Model/StoreTest.php

@@ -372,7 +372,7 @@ public function isUseStoreInUrlDataProvider()
      *
      * @param bool $expected
      * @param array $serverValues
-     * @magentoConfigFixture current_store web/secure/offloader_header SSL_OFFLOADED
+     * @magentoConfigFixture current_store web/secure/offloader_header X_FORWARDED_PROTO
      * @magentoConfigFixture current_store web/secure/base_url https://example.com:80
      */
     public function testIsCurrentlySecure($expected, $serverValues)
@@ -391,8 +391,8 @@ public function isCurrentlySecureDataProvider()
     {
         return [
             [true, ['HTTPS' => 'on']],
-            [true, ['SSL_OFFLOADED' => 'https']],
-            [true, ['HTTP_SSL_OFFLOADED' => 'https']],
+            [true, ['X_FORWARDED_PROTO' => 'https']],
+            [true, ['HTTP_X_FORWARDED_PROTO' => 'https']],
             [true, ['HTTPS' => 'on', 'SERVER_PORT' => 80]],
             [false, ['SERVER_PORT' => 80]],
             [false, []],

lib/internal/Magento/Framework/App/Config/ScopePool.php

@@ -91,8 +91,14 @@ private function getRequest()
     public function getScope($scopeType, $scopeCode = null)
     {
         $scopeCode = $this->_getScopeCode($scopeType, $scopeCode);
-        $baseUrl = $this->getRequest()->getDistroBaseUrl();
-        $code = $scopeType . '|' . $scopeCode . '|' . $baseUrl;
+
+        //Key by url to support dynamic {{base_url}} and port assignments
+        $host = $this->getRequest()->getHttpHost();
+        $port = $this->getRequest()->getServer('SERVER_PORT');
+        $path = $this->getRequest()->getBasePath();
+        $urlInfo = $host . $port . trim($path, '/');
+        $code = $scopeType . '|' . $scopeCode . '|' . $urlInfo;
+
         if (!isset($this->_scopes[$code])) {
             $cacheKey = $this->_cacheId . '|' . $code;
             $data = $this->_cache->load($cacheKey);

lib/internal/Magento/Framework/App/Request/Http.php

@@ -5,7 +5,6 @@
  */
 namespace Magento\Framework\App\Request;
 
-use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\RequestSafetyInterface;
 use Magento\Framework\App\Route\ConfigInterface\Proxy as ConfigInterface;
@@ -318,16 +317,14 @@ public function getDistroBaseUrl()
     {
         $headerHttpHost = $this->getServer('HTTP_HOST');
         $headerHttpHost = $this->converter->cleanString($headerHttpHost);
-        $headerServerPort = $this->getServer('SERVER_PORT');
         $headerScriptName = $this->getServer('SCRIPT_NAME');
-        $headerHttps = $this->getServer('HTTPS');
 
         if (isset($headerScriptName) && isset($headerHttpHost)) {
-            $secure = !empty($headerHttps)
-                && $headerHttps != 'off'
-                || isset($headerServerPort)
-                && $headerServerPort == '443';
-            $scheme = ($secure ? 'https' : 'http') . '://';
+            if ($secure = $this->isSecure()) {
+                $scheme = 'https://';
+            } else {
+                $scheme = 'http://';
+            }
 
             $hostArr = explode(':', $headerHttpHost);
             $host = $hostArr[0];
@@ -403,29 +400,7 @@ public function __sleep()
         return [];
     }
 
-    /**
-     * {@inheritdoc}
-     *
-     * @return bool
-     */
-    public function isSecure()
-    {
-        if ($this->immediateRequestSecure()) {
-            return true;
-        }
-        /* TODO: Untangle Config dependence on Scope, so that this class can be instantiated even if app is not
-        installed MAGETWO-31756 */
-        // Check if a proxy sent a header indicating an initial secure request
-        $config = $this->objectManager->get('Magento\Framework\App\Config');
-        $offLoaderHeader = trim(
-            (string)$config->getValue(
-                self::XML_PATH_OFFLOADER_HEADER,
-                ScopeConfigInterface::SCOPE_TYPE_DEFAULT
-            )
-        );
-
-        return $this->initialRequestSecure($offLoaderHeader);
-    }
+
 
     /**
      * {@inheritdoc}
@@ -442,28 +417,5 @@ public function isSafeMethod()
         return $this->isSafeMethod;
     }
 
-    /**
-     * Checks if the immediate request is delivered over HTTPS
-     *
-     * @return bool
-     */
-    protected function immediateRequestSecure()
-    {
-        $https = $this->getServer('HTTPS');
-        return !empty($https) && ($https != 'off');
-    }
-
-    /**
-     * In case there is a proxy server, checks if the initial request to the proxy was delivered over HTTPS
-     *
-     * @param string $offLoaderHeader
-     * @return bool
-     */
-    protected function initialRequestSecure($offLoaderHeader)
-    {
-        $header = $this->getServer($offLoaderHeader);
-        $httpHeader = $this->getServer('HTTP_' . $offLoaderHeader);
-        return !empty($offLoaderHeader)
-        && (isset($header) && ($header === 'https') || isset($httpHeader) && ($httpHeader === 'https'));
-    }
+    
 }

lib/internal/Magento/Framework/App/Test/Unit/Config/ScopePoolTest.php

@@ -58,7 +58,7 @@ protected function setUp()
             ->disableOriginalConstructor()
             ->setMethods(
                 [
-                    'getDistroBaseUrl',
+                    'getBasePath',
                     'getModuleName',
                     'setModuleName',
                     'getActionName',
@@ -68,14 +68,15 @@ protected function setUp()
                     'setParams',
                     'getCookie',
                     'isSecure',
+                    'getServer'
                 ]
             )->getMock();
         $reflection = new \ReflectionClass(get_class($this->_object));
         $reflectionProperty = $reflection->getProperty('request');
         $reflectionProperty->setAccessible(true);
         $reflectionProperty->setValue($this->_object, $requestMock);
         $requestMock->expects($this->any())
-            ->method('getDistroBaseUrl')
+            ->method('getBasePath')
             ->willReturn('baseUrl');
     }