* Fix bug 443: http://helma.org/bugs/show_bug.cgi?id=443

check cookie domains for proxied request using the x-forwarded-for header.
2005-11-03 14:03:07 +00:00 · 2005-11-03 14:03:07 +00:00 · ddf4b1f8e7
commit ddf4b1f8e7
parent 96605d1c69
1 changed files with 8 additions and 1 deletions
--- a/src/helma/servlet/AbstractServletClient.java
+++ b/src/helma/servlet/AbstractServletClient.java
@ -275,7 +275,14 @@ public abstract class AbstractServletClient extends HttpServlet {
            if (resCookieDomain != null) {
                // check if cookieDomain is valid for this response.
                // (note: cookieDomain is guaranteed to be lower case)
-                if ((host != null) && (host.toLowerCase().indexOf(cookieDomain) == -1)) {
+                // check for x-forwarded-for header, fix for bug 443
+                String proxiedHost = request.getHeader("x-forwarded-host");
+                if (proxiedHost != null) {
+                    if (proxiedHost.toLowerCase().indexOf(cookieDomain) == -1) {
+                        resCookieDomain = null;
+                    }
+                } else if ((host != null) &&
+                        host.toLowerCase().indexOf(cookieDomain) == -1) {
                    resCookieDomain = null;
                }
            }