Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29497

Updating to Symfony 2.8.44 breaks site when requested via Varnish

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 5.4.12
    • Fix Version/s: Customer request
    • Component/s: None
    • Labels:
      None

      Description

      After updating Symfony to newest (in time of writing) 2.8 version (2.8.44) page under Varnish will break with

      Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\BadRequestHttpException: "The request headers contain conflicting information regarding the origin of this request."
      

      Steps to reproduce:
      1. Fresh installation of 5.4.12 with a demo content
      2. Update Symfony package to 2.8.44 via composer update
      3. Access site via Varnish.

      Result:
      The page will fail to load with 500 error:

      An exception has been thrown during the rendering of a template ("The request headers contain conflicting information regarding the origin of this request.").
      500 Internal Server Error - Twig_Error_Runtime
      2 linked Exceptions: BadRequestHttpException » ConflictingHeadersException »
      

      The issue is related to newest security patch for HttpCache and X-Forwarded-Host header:
      http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                mateusz.bieniek@ez.no Mateusz Bieniek
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: