From 2281246816fff29469dcaae6eb8e04cbbea56363 Mon Sep 17 00:00:00 2001 From: Adam Hatherly Date: Tue, 29 Nov 2016 13:26:41 +0000 Subject: [PATCH] Set the Host header on http requests to openid-connect endpoint so it works behind a reverse proxy --- includes/openid-connect-generic-client.php | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/includes/openid-connect-generic-client.php b/includes/openid-connect-generic-client.php index 4561c89..54df5de 100644 --- a/includes/openid-connect-generic-client.php +++ b/includes/openid-connect-generic-client.php @@ -94,6 +94,11 @@ class OpenID_Connect_Generic_Client { * @return array|\WP_Error */ function request_authentication_token( $code ) { + + // Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy + $parsed_url = parse_url($this->endpoint_token); + $host = $parsed_url['host']; + $request = array( 'body' => array( 'code' => $code, @@ -102,7 +107,8 @@ class OpenID_Connect_Generic_Client { 'redirect_uri' => $this->redirect_uri, 'grant_type' => 'authorization_code', 'scope' => $this->scope, - ) + ), + 'headers' => array( 'Host' => $host ) ); // allow modifications to the request @@ -156,6 +162,11 @@ class OpenID_Connect_Generic_Client { $request['headers']['Authorization'] = 'Bearer '.$access_token; + // Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy + $parsed_url = parse_url($this->endpoint_userinfo); + $host = $parsed_url['host']; + $request['headers']['Host'] = $host; + // attempt the request including the access token in the query string for backwards compatibility $response = wp_remote_get( $this->endpoint_userinfo . '?access_token=' . $access_token, $request ); @@ -207,7 +218,6 @@ class OpenID_Connect_Generic_Client { if ( isset( $states[ $state ] ) ) { // state is valid, remove it unset( $states[ $state ] ); - $valid = TRUE; }
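Review bot: In `request_authentication_token` (first hunk), `$parsed_url['host']` is read without checking what `parse_url()` returned: it yields false for a seriously malformed URL and no `host` key for a relative or scheme-less one, so the token request would go out with an empty Host header and a PHP notice. The port is dropped as well, so an endpoint on a non-default port gets a Host value that no longer matches its URL. The same lines are repeated for `endpoint_userinfo` in the third hunk and need the same guard. I would build the header only when a host was actually parsed, as below, and change the second hunk's line to `'headers' => $headers`; the function body continues outside the hunk.

```php
function request_authentication_token( $code ) {
	// Add Host header - required for when the openid-connect endpoint is behind a reverse-proxy
	$parsed_url = parse_url( $this->endpoint_token );
	$headers    = array();
	if ( is_array( $parsed_url ) && ! empty( $parsed_url['host'] ) ) {
		// keep an explicit port so the Host value matches the endpoint URL
		$headers['Host'] = isset( $parsed_url['port'] )
			? $parsed_url['host'] . ':' . $parsed_url['port']
			: $parsed_url['host'];
	}
	// … unchanged: $request array ('body' => …), now with 'headers' => $headers …
```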
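Review bot: In the userinfo request (third hunk), `$request['headers']['Host'] = $host;` overwrites whatever Host value is already in `$request`, whereas the token request puts the header into the array before the `// allow modifications to the request` step. If the request filter has already run at this point (the call is outside the hunk, so this is an assumption), a site that supplies its own Host through the filter is honoured for the token request but silently overridden for userinfo. Making the assignment conditional keeps the two paths consistent: `if ( ! isset( $request['headers']['Host'] ) ) { $request['headers']['Host'] = $host; }`. The parse-and-assign lines are also duplicated between the two functions; a small private helper taking the endpoint URL would keep them from drifting apart.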