Details
-
Bug
-
Resolution: Fixed
-
High
-
5.4.12
-
None
-
None
Description
After updating Symfony to newest (in time of writing) 2.8 version (2.8.44) page under Varnish will break with
Uncaught PHP Exception Symfony\Component\HttpKernel\Exception\BadRequestHttpException: "The request headers contain conflicting information regarding the origin of this request."
Steps to reproduce:
1. Fresh installation of 5.4.12 with a demo content
2. Update Symfony package to 2.8.44 via composer update
3. Access site via Varnish.
Result:
The page will fail to load with 500 error:
An exception has been thrown during the rendering of a template ("The request headers contain conflicting information regarding the origin of this request.").
500 Internal Server Error - Twig_Error_Runtime
2 linked Exceptions: BadRequestHttpException » ConflictingHeadersException »
The issue is related to newest security patch for HttpCache and X-Forwarded-Host header:
http://symfony.com/blog/cve-2018-14774-possible-host-header-injection-when-using-httpcache
Attachments
Issue Links
- relates to
-
EZP-29492 BadRequestHttpException
- Open