oauth-php not taking account of proxy setting
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Unassigned |
Bug Description
There is an issue getting LTI working between Moodle and Mahara in the oauth-php library as it doesn't take Mahara's sslproxy configuration into consideration when generating the URI for $base_string
I'd like to propose a patch for Mahara that looks something like a change on line 92 of htdocs/
From this...
$this-
To this...
// Instantiating OAuthServer() with get_full_
// the locally generated signature will contain a URI using the correct
// protocol if this server is behind an sslproxy.
// Otherwise OAuthServer() determines the protocol based only on a
// check for $_SERVER['HTTPS'] and signature verification will fail.
$this-
Essentially the OAuthRequest() class assumes that because the web container is not using SSL directly then the request URI should be prefixed with http:// rather than https://...
$proto = (isset(
But it seems OK to instantiate OAuthServer() with a $uri to bypass this, so that could be done in webservice_
Changed in mahara: | |
importance: | Undecided → High |
status: | New → Confirmed |
Changed in mahara: | |
status: | Confirmed → In Progress |
milestone: | none → 22.04.0 |
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
Patch for "main" branch: https:/ /reviews. mahara. org/12303