From c1c536757327700be6524b0b81f6debc5c28b109 Mon Sep 17 00:00:00 2001
From: Jacob Dreesen
Date: Fri, 12 Nov 2021 10:52:25 +0100
Subject: [PATCH] Mitigate https://httpoxy.org/ vulnerabilities in nginx.conf

See: https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/#Defeating-the-Attack-using-NGINX-and-NGINX-Plus
---
 .docker/nginx.conf | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.docker/nginx.conf b/.docker/nginx.conf
index 5469004d..af816c3f 100644
--- a/.docker/nginx.conf
+++ b/.docker/nginx.conf
@@ -130,6 +130,9 @@ server {
 fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
 fastcgi_param DOCUMENT_ROOT $realpath_root;

+ # Mitigate https://httpoxy.org/ vulnerabilities
+ fastcgi_param HTTP_PROXY "";
+
 # If Xdebug session is requested, pass it to the Xdebug enabled container
 if ($http_cookie ~* "XDEBUG_SESSION") {
 fastcgi_pass php-pimcore10-debug;
@@ -164,4 +167,4 @@ server {
 access_log off;
 stub_status;
 }
-}
\ No newline at end of file
+}
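Review bot: The added `fastcgi_param HTTP_PROXY "";` protects only the location block it sits in, because nginx inherits `fastcgi_param` from an outer level only when the current level defines none. Any other block in this file that sets its own `fastcgi_param` lines and passes requests to PHP would need the same line; the rest of the `server` block is outside this hunk, so that should be checked. The `if ($http_cookie ...)` branch below defines no `fastcgi_param` of its own in the visible lines, so it appears to inherit the override for the debug container as well. The comment could say what the line does rather than only linking out, e.g. `# Blank the client-supplied Proxy header so PHP never receives it as HTTP_PROXY (httpoxy)`.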