Browse Source

Fix WebUI is not reachable via IPv6

adaptive-webui-19844
Vladimir Golovnev (Glassez) 7 years ago
parent
commit
fcde1ba09c
No known key found for this signature in database
GPG Key ID: 52A2C7DEE2DFA6F7
  1. 14
      src/webui/abstractwebapplication.cpp

14
src/webui/abstractwebapplication.cpp

@ -86,6 +86,14 @@ struct WebSession
} }
}; };
namespace
{
inline QUrl urlFromHostHeader(const QString &hostHeader)
{
return QUrl(QLatin1String("http://") + hostHeader);
}
}
// AbstractWebApplication // AbstractWebApplication
AbstractWebApplication::AbstractWebApplication(QObject *parent) AbstractWebApplication::AbstractWebApplication(QObject *parent)
@ -415,7 +423,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
// sent with CORS requests, as well as with POST requests // sent with CORS requests, as well as with POST requests
if (!originValue.isEmpty()) { if (!originValue.isEmpty()) {
const bool isInvalid = !isSameOrigin(QUrl::fromUserInput(targetOrigin), originValue); const bool isInvalid = !isSameOrigin(urlFromHostHeader(targetOrigin), originValue);
if (isInvalid) if (isInvalid)
Logger::instance()->addMessage(tr("WebUI: Origin header & Target origin mismatch!") + "\n" Logger::instance()->addMessage(tr("WebUI: Origin header & Target origin mismatch!") + "\n"
+ tr("Source IP: '%1'. Origin header: '%2'. Target origin: '%3'") + tr("Source IP: '%1'. Origin header: '%2'. Target origin: '%3'")
@ -425,7 +433,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
} }
if (!refererValue.isEmpty()) { if (!refererValue.isEmpty()) {
const bool isInvalid = !isSameOrigin(QUrl::fromUserInput(targetOrigin), refererValue); const bool isInvalid = !isSameOrigin(urlFromHostHeader(targetOrigin), refererValue);
if (isInvalid) if (isInvalid)
Logger::instance()->addMessage(tr("WebUI: Referer header & Target origin mismatch!") + "\n" Logger::instance()->addMessage(tr("WebUI: Referer header & Target origin mismatch!") + "\n"
+ tr("Source IP: '%1'. Referer header: '%2'. Target origin: '%3'") + tr("Source IP: '%1'. Referer header: '%2'. Target origin: '%3'")
@ -439,7 +447,7 @@ bool AbstractWebApplication::isCrossSiteRequest(const Http::Request &request) co
bool AbstractWebApplication::validateHostHeader(const QStringList &domains) const bool AbstractWebApplication::validateHostHeader(const QStringList &domains) const
{ {
const QUrl hostHeader = QUrl::fromUserInput(request().headers[Http::HEADER_HOST]); const QUrl hostHeader = urlFromHostHeader(request().headers[Http::HEADER_HOST]);
const QString requestHost = hostHeader.host(); const QString requestHost = hostHeader.host();
// (if present) try matching host header's port with local port // (if present) try matching host header's port with local port

Loading…
Cancel
Save