mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-28 00:10:57 +01:00
Strip port numbers from HTTP host headers before comparing them for cookie purposes

Summary:
Browsers send port numbers (like ":443" or proxy ports) in the Host header and we'll currently reject them with a message like:

> Blah is configured on "x.y.com" but you are accessing it on "x.y.com:443".

Instead, examine only the host part.

Test Plan: Had my local listen on port 81 and accessed Phabricator before/after the change; it now works without throwing.

Reviewers: jungejason, tuomaspelkonen, aran

Reviewed By: jungejason

CC: aran, epriestley, abdul, jungejason

Differential Revision: 841
parent c04805cde4
commit 57208dfd52
1 changed files with 3 additions and 1 deletions
|
@ -190,7 +190,9 @@ class AphrontRequest {
|
|||
$base_domain = $base_uri->getDomain();
|
||||
$base_protocol = $base_uri->getProtocol();
|
||||
|
||||
$actual_host = $this->getHost();
|
||||
// The "Host" header may include a port number; if so, ignore it. We can't
|
||||
// use PhutilURI since there's no URI scheme.
|
||||
list($actual_host) = explode(':', $this->getHost(), 2);
|
||||
if ($base_domain != $actual_host) {
|
||||
throw new Exception(
|
||||
"This install of Phabricator is configured as '{$base_domain}' but ".
|
||||
|
|
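Review bot: the split in `list($actual_host) = explode(':', $this->getHost(), 2);` keeps only the text before the first colon, so a bracketed IPv6 Host value such as `[::1]:81` is reduced to `[` and can never equal `$base_domain`. That fails closed, but it means the check rejects every IPv6-literal install; stripping only a trailing colon-plus-digits suffix would handle both forms. The new comment should also state that the port is deliberately no longer part of the comparison, since after this change a request on any port passes as long as the host part matches. Separately, the unchanged `if ($base_domain != $actual_host)` line just below uses a loose, case-sensitive comparison on a client-supplied header; hostnames are case-insensitive, so lowercasing both sides and comparing with `!==` would be stricter and avoid spurious mismatches.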