Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.2.1
-
None
-
nginx (doing TLS) proxying to Apache mod_php
Description
When running phpBB on Apache behind a proxy running HTTPS, Apache only sees the plain HTTP request from the proxy so the $request->is_secure() in phpbb/captcha/plugins/recapatcha.php will return false resulting in an http:// URL being returned for Google's reCaptcha when it should be https:// This causes reCaptcha to fail in browsers unless you click "Load unsafe scripts".
This is easily fixed by just using // URLs instead of http:// or https:// The patch below certainly fixes the problem but the logic for deciding which URL to serve could just be removed altogether:
--- recaptcha.php.orig 2017-07-16 19:07:13.000000000 +0100 |
+++ recaptcha.php 2017-10-29 21:02:52.105000506 +0000 |
@@ -15,8 +15,8 @@ |
|
|
class recaptcha extends captcha_abstract |
{
|
- var $recaptcha_server = 'http://www.google.com/recaptcha/api'; |
- var $recaptcha_server_secure = 'https://www.google.com/recaptcha/api'; // class constants :( |
+ var $recaptcha_server = '//www.google.com/recaptcha/api'; |
+ var $recaptcha_server_secure = '//www.google.com/recaptcha/api'; // class constants :( |
|
|
var $response;
|
|
Also noted in this comment.
Attachments
Issue Links
- was obsoleted by solution of
-
PHPBB3-16105 Use "global" reCAPTCHA domain to circumvent blocking in some countries
-
- Unverified Fix
-