问题
在 docker 下部署了一套禅道系统,然后用 nginx反代本地端口,加上 SSL 证书后发现登录不上。
解决
在 /framework/base/router.class.php的 648 行,注释掉下面三行:
/* Change for CSRF. */
if($this->config->framework->filterCSRF)
{
//$httpType = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on') ? 'https' : 'http';
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) and strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https') $httpType = 'https';
if(isset($_SERVER['REQUEST_SCHEME']) and strtolower($_SERVER['REQUEST_SCHEME']) == 'https') $httpType = 'https';
//$httpHost = zget($_SERVER, 'HTTP_HOST', '');
$apiMode = (defined('RUN_MODE') && RUN_MODE == 'api') || isset($_GET[$this->config->sessionVar]);
//if(!$apiMode && (empty($httpHost) or strpos($this->server->http_referer, "$httpType://$httpHost") !== 0)) $_FILES = $_POST = array();
}也可以在配置文件中关闭CSRF功能,在config/my.php文件中添加一条配置项:
$config->framework->filterCSRF = false;