isSecure example

$nonce = base64_encode(random_bytes(8));
        $event->getRequest()->attributes->set(PlatformRequest::ATTRIBUTE_CSP_NONCE, $nonce);
    }

    public function setSecurityHeaders(ResponseEvent $event): void
    {
        if (!$event->getResponse()->isSuccessful()) {
            return;
        }

        $response = $event->getResponse();
        if ($event->getRequest()->isSecure()) {
            $response->headers->set('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
        }
        $response->headers->set('X-Frame-Options', 'deny');
        $response->headers->set('X-Content-Type-Options', 'nosniff');
        $response->headers->set('Referrer-Policy', 'strict-origin-when-cross-origin');

        $cspTemplate = $this->cspTemplates['default'] ?? '';

        $scopes = $event->getRequest()->attributes->get(PlatformRequest::ATTRIBUTE_ROUTE_SCOPE, []);

        foreach ($scopes as $scope) {
            
use Shopware\Components\Routing\PostFilterInterface;

class FrontendPostFilter implements PostFilterInterface
{
    /** * {@inheritdoc} */
    public function postFilter($url, Context $context)
    {
        $params = $context->getParams();
        if ($this->isFullPath($params)) {
            $url = ($context->isSecure() ? 'https://' : 'http://')
                . $context->getHost()
                . $context->getBaseUrl()
                . '/' . $url;
        }

        return $url;
    }

    /** * @return bool */
    


        return $request->getBasePath();
    }

    public function isSecure(): bool
    {
        if (!$request = $this->requestStack->getMainRequest()) {
            return $this->secure;
        }

        return $request->isSecure();
    }
}

    protected function configure()
    {
        ini_set('session.name', $this->config->cookieName);

        $sameSite = $this->cookie->getSameSite() ?: ucfirst(Cookie::SAMESITE_LAX);

        $params = [
            'lifetime' => $this->config->expiration,
            'path'     => $this->cookie->getPath(),
            'domain'   => $this->cookie->getDomain(),
            'secure'   => $this->cookie->isSecure(),
            'httponly' => true, // HTTP only; Yes, this is intentional and not configurable for security reasons.             'samesite' => $sameSite,
        ];

        ini_set('session.cookie_samesite', $sameSite);
        session_set_cookie_params($params);

        if ($this->config->expiration > 0) {
            ini_set('session.gc_maxlifetime', (string) $this->config->expiration);
        }

        

    private function createFallbackMediaUrl()
    {
        $request = $this->container->get('front')->Request();

        if ($request && $request->getHttpHost()) {
            return ($request->isSecure() ? 'https' : 'http') . '://' . $request->getHttpHost() . $request->getBasePath() . '/';
        }

        if ($this->container->initialized('shop')) {
            $shop = $this->container->get('shop');
        } else {
            $shop = $this->container->get(ModelManager::class)->getRepository(Shop::class)->getActiveDefault();
        }

        if ($shop->getMain()) {
            $shop = $shop->getMain();
        }

        

    public function getPluginInformation(Response $response, Request $request)
    {
        if (!$this->isPluginsSubscriptionCookieValid($request)) {
            return false;
        }

        try {
            $cookie = new Cookie('lastCheckSubscriptionDate', date('dmY')time() + 60 * 60 * 24, '/', null, $request->isSecure());
            $response->headers->setCookie($cookie);

            return $this->getPluginInformationFromApi();
        } catch (ShopSecretException $e) {
            $this->exception = $e;
            $this->resetShopSecret();

            return false;
        } catch (Exception $e) {
            $this->exception = $e;

            
$data['vars']['post'][esc($name)] = is_array($value) ? '<pre>' . esc(print_r($value, true)) . '</pre>' : esc($value);
        }

        foreach ($request->headers() as $header) {
            $data['vars']['headers'][esc($header->getName())] = esc($header->getValueLine());
        }

        foreach ($request->getCookie() as $name => $value) {
            $data['vars']['cookies'][esc($name)] = esc($value);
        }

        $data['vars']['request'] = ($request->isSecure() ? 'HTTPS' : 'HTTP') . '/' . $request->getProtocolVersion();

        $data['vars']['response'] = [
            'statusCode'  => $response->getStatusCode(),
            'reason'      => esc($response->getReasonPhrase()),
            'contentType' => esc($response->getHeaderLine('content-type')),
            'headers'     => [],
        ];

        foreach ($response->headers() as $header) {
            $data['vars']['response']['headers'][esc($header->getName())] = esc($header->getValueLine());
        }

        
/** * {@inheritdoc} */
  public function buildForm(array $form, FormStateInterface $form_state) {
    // Get all the available ways to transfer files.     $available_backends = $this->getRequest()->getSession()->get('authorize_filetransfer_info', []);
    if (empty($available_backends)) {
      $this->messenger()->addError($this->t('Unable to continue, no available methods of file transfer'));
      return [];
    }

    if (!$this->getRequest()->isSecure()) {
      $form['information']['https_warning'] = [
        '#prefix' => '<div class="messages messages--error">',
        '#markup' => $this->t('WARNING: You are not using an encrypted connection, so your password will be sent in plain text. <a href=":https-link">Learn more</a>.', [':https-link' => 'https://www.drupal.org/https-information']),
        '#suffix' => '</div>',
      ];
    }

    // Decide on a default backend.     $authorize_filetransfer_default = $form_state->getValue(['connection_settings', 'authorize_filetransfer_default']);
    if (!$authorize_filetransfer_default) {
      $authorize_filetransfer_default = key($available_backends);
    }
return;
        }

        if ($restoreData) {
            $controller->Response()->headers->setCookie(
                new Cookie(
                    $restoreData->getSessionName(),
                    $restoreData->getValue(),
                    0,
                    \ini_get('session.cookie_path'),
                    null,
                    $request->isSecure()
                )
            );
        }

        $params = $request->getParams();
        unset($params[PaymentTokenService::TYPE_PAYMENT_TOKEN]);

        $controller->redirect($params);
    }
}
// We need to allow it on login, otherwise the state is wrong         if (!($route === 'frontend.account.login' || $request->getMethod() === Request::METHOD_GET)) {
            return;
        }

        if ($context->getCustomer() || $cart->getLineItems()->count() > 0) {
            $newValue = $this->buildCacheHash($context);

            if ($request->cookies->get(self::CONTEXT_CACHE_COOKIE, '') !== $newValue) {
                $cookie = Cookie::create(self::CONTEXT_CACHE_COOKIE, $newValue);
                $cookie->setSecureDefault($request->isSecure());

                $response->headers->setCookie($cookie);
            }
        } elseif ($request->cookies->has(self::CONTEXT_CACHE_COOKIE)) {
            $response->headers->removeCookie(self::CONTEXT_CACHE_COOKIE);
            $response->headers->clearCookie(self::CONTEXT_CACHE_COOKIE);
        }

        /** @var bool|array{maxAge?: int, states?: list<string>}|null $cache */
        $cache = $request->attributes->get(PlatformRequest::ATTRIBUTE_HTTP_CACHE);
        if (!$cache) {
            

    return NULL;
  }

  /** * {@inheritdoc} */
  public function buildConfigurationForm(array $form, FormStateInterface $form_state) {
    $form = parent::buildConfigurationForm($form$form_state);

    $domain = $this->configFactory->get('media.settings')->get('iframe_domain');
    if (!$this->iFrameUrlHelper->isSecure($domain)) {
      array_unshift($form[
        '#markup' => '<p>' . $this->t('It is potentially insecure to display oEmbed content in a frame that is served from the same domain as your main Drupal site, as this may allow execution of third-party code. <a href=":url">You can specify a different domain for serving oEmbed content in the Media settings</a>.', [
          ':url' => Url::fromRoute('media.settings')->setAbsolute()->toString(),
        ]) . '</p>',
      ]);
    }

    $form['thumbnails_directory'] = [
      '#type' => 'textfield',
      '#title' => $this->t('Thumbnails location'),
      '#default_value' => $this->configuration['thumbnails_directory'],
      
static::assertTrue($app->getRequest()->server->has('good'));
        static::assertFalse($app->getRequest()->server->has('bad'));
    }

    public function testHttpsRequest(): void
    {
        $orgRequest = new Request();
        $orgRequest->server->set('HTTPS', '1');
        $orgRequest->server->set('SERVER_NAME', 'localhost');
        $orgRequest->server->set('SERVER_PORT', '443');

        static::assertTrue($orgRequest->isSecure());

        $appVariable = $this->createMock(AppVariable::class);
        $appVariable->method('getRequest')->willReturn($orgRequest);

        $app = new TwigAppVariable($appVariable$this->getContainer()->getParameter('shopware.twig.app_variable.allowed_server_params'));

        static::assertTrue($app->getRequest()->isSecure());
        static::assertSame('https://localhost', $app->getRequest()->getSchemeAndHttpHost());
    }
}

    private function getBaseUrlReal(): string
    {
        return $this->baseUrl ??= $this->prepareBaseUrl();
    }

    /** * Gets the request's scheme. */
    public function getScheme(): string
    {
        return $this->isSecure() ? 'https' : 'http';
    }

    /** * Returns the port on which the request is made. * * This method can read the client port from the "X-Forwarded-Port" header * when trusted proxies were set via "setTrustedProxies()". * * The "X-Forwarded-Port" header must contain the client port. * * @return int|string|null Can be a string if fetched from the server bag */
/** * {@inheritdoc} */
  public function getOptions(Request $request) {
    $options = $this->options;

    // Generate / validate the cookie domain.     $options['cookie_domain'] = $this->getCookieDomain($request) ?: '';

    // If the site is accessed via SSL, ensure that the session cookie is     // issued with the secure flag.     $options['cookie_secure'] = $request->isSecure();

    // Set the session cookie name.     $options['name'] = $this->getName($request);

    return $options;
  }

  /** * Returns the session cookie name. * * @param \Symfony\Component\HttpFoundation\Request $request * The request. * * @return string * The name of the session cookie. */
private function setContextCookie(Request $request, ShopContextInterface $context, Response $response): void
    {
        $hash = json_encode($context->getTaxRules()) . json_encode($context->getCurrentCustomerGroup());

        $hash = $this->eventManager->filter('Shopware_Plugins_HttpCache_ContextCookieValue', $hash[
            'shopContext' => $context,
            'session' => $this->session,
            'request' => $request,
            'response' => $response,
        ]);

        $response->setCookie('x-cache-context-hash', sha1($hash), 0, $request->getBasePath() . '/', null, $request->isSecure());
    }
}
Home | Imprint | This part of the site doesn't use cookies.