- Issue created by @Xen
The rediect to the login page copies the request headers. I discovered this because the redirect caused a 502 error on Platform.sh. That was caused by an empty Content-Length
sneaking in via the request and PSHs Nginx not liking it in the response.
Request headers shouldn't be uncritically copied to the response. Most request headers doesn't make sense in a response (Host:
for instance) and others could cause an information leak of headers used between internal systems.
With a working installation, one can run:
curl --head 'https://<host>/oauth/authorize?client_id=<client_id>&redirect_uri=<redirect_uri>&response_type=code' -H 'X-Some-Random: header'
and see the x-some-random
header in the output (the case change is due to Symfonys handling of headers.
Remove the code adding the request headers.
Active
5.2
Code