Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

HTTP_HOST mangling causes Login to fail for some users #2444

Closed
robocoder opened this Issue · 6 comments

1 participant

Anthon Pang
Anthon Pang
Collaborator

In some environments, a fixup is applied to HTTP_HOST such that it doesn't match the host in SCRIPT_URI. Example:

This causes isLocalUrl() and ultimately, the Nonce verification on the Referer to fail.

Anthon Pang
Collaborator

(In [4750]) fixes #2444

Anthon Pang
Collaborator

(In [4754]) refs #2444 - relax isLocalReferer() test so that it's comparable to the Origin: test

Anthon Pang
Collaborator

(In [4756]) refs #2444

Anthon Pang
Collaborator

(In [4757]) refs #2444

Anthon Pang
Collaborator

(In [4758]) refs #2444

Anthon Pang
Collaborator

(In [4760]) refs #2444 - re-enable unit test

Anthon Pang robocoder added this to the 1.5 - Piwik 1.5 milestone
Anthon Pang robocoder self-assigned this
This issue was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.