View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007770 | OXID eShop (all versions) | 2. ----- eShop backend (admin) ----- | public | 2025-02-19 10:57 | 2025-07-07 12:05 |
Reporter | rene.gust | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | confirmed | Resolution | open | ||
Product Version | 7.0.2 | ||||
Summary | 0007770: Can't use admin with Cloudflare domain because of endless redirects | ||||
Description | As an OXID developer I want to be able to use Cloudflare domains like rene.oxiddev.de and the admin interface during development. When I enter the URL https://rene.oxiddev.de/admin the browser gets redirected endlessly.

During debugging I found this function: OxidEsales\EshopCommunity\Core\Config::checkSsl (oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/Config.php:781)

I think the last statement

```
if (
    isset($serverVars['HTTP_X_FORWARDED_SERVER'])
    && (strpos($serverVars['HTTP_X_FORWARDED_SERVER'], 'ssl') !== false
        || strpos($serverVars['HTTP_X_FORWARDED_SERVER'], 'secure-online-shopping.de') !== false)
) {
    $this->setIsSsl(true);
}
```

could be extended with

```
|| isset($serverVars['HTTP_X_FORWARDED_PROTO']) && $serverVars['HTTP_X_FORWARDED_PROTO'] == 'https'
```

When I use Cloudflare this header is always set to https when using https. So my proposal would be to include this check to be able to use Cloudflare domains. | ||||
Steps To Reproduce | 1.
- set up Cloudflare domain
- go to [your-sub-domain-name].oxiddev.de/admin
- browser will be redirected endlessly

2.
- change the statement in oxideshop/vendor/oxid-esales/oxideshop-ce/source/Core/Config.php:781
- add `|| isset($serverVars['HTTP_X_FORWARDED_PROTO']) && $serverVars['HTTP_X_FORWARDED_PROTO'] == 'https'`
- go to [your-sub-domain-name].oxiddev.de/admin
- you can now log in to admin | ||||
Tags | admin ssl | ||||
Theme | All | ||||
Browser | All | ||||
PHP Version | 8.0 | ||||
Database Version | Other | ||||
|
As discussed today, the issue is acknowledged. |
|
Maybe this ChatGPT helps to understand what I mean: https://chatgpt.com/share/686b9b29-f778-8008-a2a6-7af54ee3ee7f |
|
I would have to research the HTTP headers again, but I hope this ChatGPT helps you? My guess is that the code does not take into account all the HTTP headers that are important in this context. Maybe only 5% of the developers, I can't say. |
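
The check proposed in this issue reads `X-Forwarded-Proto`, a header that any client can also send if it reaches the origin without passing through the proxy. The following is an added example (not OXID eShop code and not written by the reporter) that honours the header only when the connecting peer is a known proxy. The function names are hypothetical, and the proxy list uses documentation prefixes as stand-ins.

```php
<?php
declare(strict_types=1);

// Added example, not OXID eShop code; function names are hypothetical.

/** True when $ip lies inside $cidr (IPv4 or IPv6). */
function ipInCidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address or mixed address families
    }
    $max  = strlen($ipBin) * 8;
    $bits = $bits ?? (string) $max;
    if (!ctype_digit($bits) || (int) $bits > $max) {
        return false; // malformed prefix length
    }
    $bits  = (int) $bits;
    $whole = intdiv($bits, 8);
    if (strncmp($ipBin, $netBin, $whole) !== 0) {
        return false; // a fully masked byte differs
    }
    $rest = $bits % 8;
    if ($rest === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rest)) & 0xFF; // remaining high bits of the next byte
    return (ord($ipBin[$whole]) & $mask) === (ord($netBin[$whole]) & $mask);
}

/** SSL decision that believes X-Forwarded-Proto only from a trusted proxy. */
function isRequestSecure(array $serverVars, array $trustedProxies): bool
{
    $https = strtolower((string) ($serverVars['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return true; // TLS terminated on this server
    }
    $peer = (string) ($serverVars['REMOTE_ADDR'] ?? '');
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($peer, $cidr)) {
            $proto = (string) ($serverVars['HTTP_X_FORWARDED_PROTO'] ?? '');
            return strtolower(trim($proto)) === 'https';
        }
    }
    return false; // header from an untrusted peer is ignored
}

// Constructed input: documentation ranges stand in for the proxy's address ranges.
$proxies = ['192.0.2.0/24', '2001:db8::/32'];
var_dump(isRequestSecure(['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'], $proxies));
var_dump(isRequestSecure(['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_PROTO' => 'https'], $proxies));
```

In a real deployment the list would hold the address ranges the proxy provider publishes, and the origin would ideally accept connections from those ranges only.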