From 9ef1e323279d730a88aedf04d556049c29fac1d6 Mon Sep 17 00:00:00 2001
From: Chocobo1
Date: Sun, 20 Aug 2017 21:46:41 +0800
Subject: [PATCH] WebAPI: fix validating wrong header field. Closes #7311. X-Forwarded-Host is a foreign proxy setting, it isn't the same as qbt's local setting and thus it makes no sense to verify it.
---
 src/webui/abstractwebapplication.cpp | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/webui/abstractwebapplication.cpp b/src/webui/abstractwebapplication.cpp
index 786f3d954..4428328f7 100644
--- a/src/webui/abstractwebapplication.cpp
+++ b/src/webui/abstractwebapplication.cpp
@@ -420,8 +420,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
 bool AbstractWebApplication::validateHostHeader(const Http::Request &request, const Http::Environment &env, const QStringList &domains) const
 {
- const QUrl hostHeader = QUrl::fromUserInput(
- request.headers.value(Http::HEADER_X_FORWARDED_HOST, request.headers.value(Http::HEADER_HOST)));
+ const QUrl hostHeader = QUrl::fromUserInput(request.headers.value(Http::HEADER_HOST));
 // (if present) try matching host header's port with local port
 const int requestPort = hostHeader.port();
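Review bot: The new `hostHeader` line in validateHostHeader has no comment explaining why X-Forwarded-Host is deliberately not consulted, which is the security-relevant part of this change. That header is supplied by whoever sends the request or by an upstream proxy, and the removed lookup let it take precedence over Host in the value being validated, so a later cleanup could easily reintroduce it. I would add above the line `// Validate Host only: X-Forwarded-Host is sender-controlled and must never override it`. Separately, when Host is absent `value()` presumably yields an empty string and `QUrl::fromUserInput` an invalid URL; the rest of the function lies outside the hunk, so confirm that case is rejected rather than matched.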