antville/helma
antville/helma
1
1
Fork 0
Code Issues 5 Pull requests 9 Projects Releases 5 Activity Actions

* Fix bug 443: http://helma.org/bugs/show_bug.cgi?id=443

Browse source 
check cookie domains for proxied request using the x-forwarded-for header.
This commit is contained in:
hns 2005-11-03 14:03:07 +00:00
parent 96605d1c69
commit ddf4b1f8e7
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/helma/servlet/AbstractServletClient.java
View file

@ -275,7 +275,14 @@ public abstract class AbstractServletClient extends HttpServlet {
if (resCookieDomain != null) { if (resCookieDomain != null) {
// check if cookieDomain is valid for this response. // check if cookieDomain is valid for this response.
// (note: cookieDomain is guaranteed to be lower case) // (note: cookieDomain is guaranteed to be lower case)
if ((host != null) && (host.toLowerCase().indexOf(cookieDomain) == -1)) { // check for x-forwarded-for header, fix for bug 443
String proxiedHost = request.getHeader("x-forwarded-host");
if (proxiedHost != null) {
if (proxiedHost.toLowerCase().indexOf(cookieDomain) == -1) {
resCookieDomain = null;
}
} else if ((host != null) &&
host.toLowerCase().indexOf(cookieDomain) == -1) {
resCookieDomain = null; resCookieDomain = null;
} }
} }