revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 01:02:42 +01:00
Code Issues Releases Wiki Activity

Strip port numbers from HTTP host headers before comparing them for cookie

Browse source 
purposes

Summary:
Browsers send port numbers (like ":443" or proxy ports) in the Host header and
we'll currently reject them with a message like:

> Blah is configured on "x.y.com" but you are accessing it on "x.y.com:443".

Instead, examine only the host part.

Test Plan: Had my local listen on port 81 and accessed Phabricator before/after
the change; it now works without throwing.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, epriestley, abdul, jungejason

Differential Revision: 841
This commit is contained in:
epriestley 2011-08-20 13:55:17 -07:00
parent c04805cde4
commit 57208dfd52
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/aphront/request/AphrontRequest.php
View file

@ -190,7 +190,9 @@ class AphrontRequest {
$base_domain = $base_uri->getDomain();
$base_protocol = $base_uri->getProtocol();
$actual_host = $this->getHost();
// The "Host" header may include a port number; if so, ignore it. We can't
// use PhutilURI since there's no URI scheme.
list($actual_host) = explode(':', $this->getHost(), 2);
if ($base_domain != $actual_host) {
throw new Exception(
"This install of Phabricator is configured as '{$base_domain}' but ".