Uploaded image for project: 'eZ Publish / Platform'
  1. eZ Publish / Platform
  2. EZP-29497

Updating to Symfony 2.8.44 breaks site when requested via Varnish

    XMLWordPrintable

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: High High
    • Customer request
    • 5.4.12
    • None
    • None

    Description

      After updating Symfony to newest (in time of writing) 2.8 version (2.8.44) page under Varnish will break with 

      Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\BadRequestHttpException: "The request headers contain conflicting information regarding the origin of this request."

      Steps to reproduce:
      1. Fresh installation of 5.4.12 with a demo content
      2. Update Symfony package to 2.8.44 via composer update
      3. Access site via Varnish.

      Result:
      The page will fail to load with 500 error:

      An exception has been thrown during the rendering of a template ("The request headers contain conflicting information regarding the origin of this request.").
500 Internal Server Error - Twig_Error_Runtime
2 linked Exceptions: BadRequestHttpException » ConflictingHeadersException »

      The issue is related to newest security patch for HttpCache and X-Forwarded-Host header:
      http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache

      Attachments

        Activity

          People

            Unassigned Unassigned
            mateusz.bieniek@ibexa.co Mateusz Bieniek
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: