Browse Source

Merge pull request #8008 from glassez/fix-ipv6

Fix WebUI is not reachable via IPv6
adaptive-webui-19844
Vladimir Golovnev 7 years ago committed by GitHub
parent
commit
84c84160fd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 14
      src/webui/abstractwebapplication.cpp

14
src/webui/abstractwebapplication.cpp

@ -86,6 +86,14 @@ struct WebSession @@ -86,6 +86,14 @@ struct WebSession
}
};
namespace
{
inline QUrl urlFromHostHeader(const QString &hostHeader)
{
return QUrl(QLatin1String("http://") + hostHeader);
}
}
// AbstractWebApplication
AbstractWebApplication::AbstractWebApplication(QObject *parent)
@ -415,7 +423,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co @@ -415,7 +423,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
// sent with CORS requests, as well as with POST requests
if (!originValue.isEmpty()) {
const bool isInvalid = !isSameOrigin(QUrl::fromUserInput(targetOrigin), originValue);
const bool isInvalid = !isSameOrigin(urlFromHostHeader(targetOrigin), originValue);
if (isInvalid)
Logger::instance()->addMessage(tr("WebUI: Origin header & Target origin mismatch!") + "\n"
+ tr("Source IP: '%1'. Origin header: '%2'. Target origin: '%3'")
@ -425,7 +433,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co @@ -425,7 +433,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
}
if (!refererValue.isEmpty()) {
const bool isInvalid = !isSameOrigin(QUrl::fromUserInput(targetOrigin), refererValue);
const bool isInvalid = !isSameOrigin(urlFromHostHeader(targetOrigin), refererValue);
if (isInvalid)
Logger::instance()->addMessage(tr("WebUI: Referer header & Target origin mismatch!") + "\n"
+ tr("Source IP: '%1'. Referer header: '%2'. Target origin: '%3'")
@ -439,7 +447,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co @@ -439,7 +447,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
bool AbstractWebApplication::validateHostHeader(const QStringList &domains) const
{
const QUrl hostHeader = QUrl::fromUserInput(request().headers[Http::HEADER_HOST]);
const QUrl hostHeader = urlFromHostHeader(request().headers[Http::HEADER_HOST]);
const QString requestHost = hostHeader.host();
// (if present) try matching host header's port with local port

Loading…
Cancel
Save