Merge pull request #201 from KimTom89/fix/samesite-condition

Fix gnuboard/gnuboard5#200 HTTP_X_FORWARDED_PROTO 조건 추가
2022-09-01 15:07:29 +09:00
parent 1e6710a55b 25b3d8f6ed
commit 9e4a8a95b0
1 changed files with 6 additions and 1 deletions
--- a/common.php
+++ b/common.php
@ -362,7 +362,12 @@ if( $config['cf_cert_use'] || (defined('G5_YOUNGCART_VER') && G5_YOUNGCART_VER)

            // IE 브라우저 또는 엣지브라우저 또는 IOS 모바일과 http환경에서는 secure; SameSite=None을 설정하지 않습니다.
            if (isset($_SERVER['HTTP_USER_AGENT'])) {
-                if( preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT']) || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT']) || ! (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ){
+                if (preg_match('/Edge/i', $_SERVER['HTTP_USER_AGENT'])
+                    || preg_match('/(iPhone|iPod|iPad).*AppleWebKit.*Safari/i', $_SERVER['HTTP_USER_AGENT'])
+                    || preg_match('~MSIE|Internet Explorer~i', $_SERVER['HTTP_USER_AGENT'])
+                    || preg_match('~Trident/7.0(; Touch)?; rv:11.0~',$_SERVER['HTTP_USER_AGENT'])
+                    || !(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
+                    || !(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == "https")){
                    return $res;
                }
            }