‪TYPO3CMS  ‪main
Public Member Functions | Public Attributes | Protected Member Functions | Protected Attributes | List of all members
TYPO3\CMS\Core\Middleware\VerifyHostHeader Class Reference
Inheritance diagram for TYPO3\CMS\Core\Middleware\VerifyHostHeader:

Public Member Functions

 __construct (string $trustedHostsPattern)
 
 process (ServerRequestInterface $request, RequestHandlerInterface $handler)
 
 isAllowedHostHeaderValue (string $hostHeaderValue, array $serverParams)
 

Public Attributes

const ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*'
 
const ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME'
 

Protected Member Functions

 hostHeaderValueMatchesTrustedHostsPattern (string $hostHeaderValue, array $serverParams)
 
 webserverUsesHttps (array $serverParams)
 

Protected Attributes

string $trustedHostsPattern
 

Detailed Description

Checks if the provided host header value matches the trusted hosts pattern.

Definition at line 30 of file VerifyHostHeader.php.

Constructor & Destructor Documentation

◆ __construct()

TYPO3\CMS\Core\Middleware\VerifyHostHeader::__construct ( string  $trustedHostsPattern)

Definition at line 37 of file VerifyHostHeader.php.

References TYPO3\CMS\Core\Middleware\VerifyHostHeader\$trustedHostsPattern.

Member Function Documentation

◆ hostHeaderValueMatchesTrustedHostsPattern()

TYPO3\CMS\Core\Middleware\VerifyHostHeader::hostHeaderValueMatchesTrustedHostsPattern ( string  $hostHeaderValue,
array  $serverParams 
)
protected

Checks if the provided host header value matches the trusted hosts pattern without any preprocessing.

Definition at line 80 of file VerifyHostHeader.php.

◆ isAllowedHostHeaderValue()

TYPO3\CMS\Core\Middleware\VerifyHostHeader::isAllowedHostHeaderValue ( string  $hostHeaderValue,
array  $serverParams 
)

Checks if the provided host header value matches the trusted hosts pattern.

Parameters
string$hostHeaderValue‪HTTP_HOST header value as sent during the request (may include port)

Definition at line 63 of file VerifyHostHeader.php.

Referenced by TYPO3\CMS\Core\Middleware\VerifyHostHeader\process().

◆ process()

TYPO3\CMS\Core\Middleware\VerifyHostHeader::process ( ServerRequestInterface  $request,
RequestHandlerInterface  $handler 
)

Definition at line 42 of file VerifyHostHeader.php.

References TYPO3\CMS\Core\Middleware\VerifyHostHeader\isAllowedHostHeaderValue().

◆ webserverUsesHttps()

TYPO3\CMS\Core\Middleware\VerifyHostHeader::webserverUsesHttps ( array  $serverParams)
protected

Determine if the webserver uses HTTPS.

HEADS UP: This does not check if the client performed a HTTPS request, as possible proxies are not taken into account. It provides raw information about the current webservers configuration only.

Definition at line 115 of file VerifyHostHeader.php.

Member Data Documentation

◆ $trustedHostsPattern

string TYPO3\CMS\Core\Middleware\VerifyHostHeader::$trustedHostsPattern
protected

Definition at line 35 of file VerifyHostHeader.php.

Referenced by TYPO3\CMS\Core\Middleware\VerifyHostHeader\__construct().

◆ ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL

const TYPO3\CMS\Core\Middleware\VerifyHostHeader::ENV_TRUSTED_HOSTS_PATTERN_ALLOW_ALL = '.*'

Definition at line 32 of file VerifyHostHeader.php.

Referenced by TYPO3\CMS\Install\SystemEnvironment\SetupCheck\checkTrustedHostPattern(), TYPO3\CMS\Reports\Report\Status\SecurityStatus\getTrustedHostsPatternStatus(), and TYPO3\CMS\Core\Tests\Unit\Middleware\VerifyHostHeaderTest\processAllowsAllHostnameValuesIfHostPatternIsSetToAllowAll().

◆ ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME

const TYPO3\CMS\Core\Middleware\VerifyHostHeader::ENV_TRUSTED_HOSTS_PATTERN_SERVER_NAME = 'SERVER_NAME'

Definition at line 33 of file VerifyHostHeader.php.

Referenced by TYPO3\CMS\Core\Tests\Unit\Middleware\VerifyHostHeaderTest\isAllowedHostHeaderValueWorksCorrectlyWithWithServerNamePattern(), and TYPO3\CMS\Core\Tests\Unit\Middleware\VerifyHostHeaderTest\isAllowedHostHeaderValueWorksCorrectlyWithWithServerNamePatternAndSslProxy().