通過源代碼部署禪道,從15.0.3升級15.6后,原有正常的https訪問無法登錄了,也不提示錯誤
部署方式為 nginx(443)做ssl卸載 -> apache(80)->php
升級15.6后,使用 https://zentao.xxx.com登錄異常,使用http://zentao.xxx.com登錄沒問題。
進入到禪道的根目錄,我的是/data/zentao/www/這是我docker映射到外部的,也就是zentaopms下面
注釋掉下面的三行
vim /data/zentao/www/framework/base/router.class.php #找到https /* Change for CSRF. */ if($this->config->framework->filterCSRF) { //$httpType = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http'; if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) and strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https') $httpType = 'https'; if(isset($_SERVER['REQUEST_SCHEME']) and strtolower($_SERVER['REQUEST_SCHEME']) == 'https') $httpType = 'https'; //$httpHost = zget($_SERVER, 'HTTP_HOST', ''); $apiMode = (defined('RUN_MODE') && RUN_MODE == 'api') || isset($_GET[$this->config->sessionVar]); //if(!$apiMode && (empty($httpHost) or strpos($this->server->http_referer, "$httpType://$httpHost") !== 0)) $_FILES = $_POST = array(); }
參考文檔:https://www.zentao.net/ask/36770.html