Repository: couchdb-chttpd Updated Branches: refs/heads/master 8aa7adfb4 -> 96e1e008e
Don't pass CSRF cookie to replicator COUCHDB-2781 Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/96e1e008 Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/96e1e008 Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/96e1e008 Branch: refs/heads/master Commit: 96e1e008e5b9b2e77b510bc1e862b5c86fee92c7 Parents: 8aa7adf Author: Robert Newson <[email protected]> Authored: Wed Aug 19 16:41:06 2015 +0100 Committer: Robert Newson <[email protected]> Committed: Wed Aug 19 16:53:43 2015 +0100 ---------------------------------------------------------------------- src/chttpd.erl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/96e1e008/src/chttpd.erl ---------------------------------------------------------------------- diff --git a/src/chttpd.erl b/src/chttpd.erl index 52400ca..8e152f6 100644 --- a/src/chttpd.erl +++ b/src/chttpd.erl @@ -402,9 +402,17 @@ make_uri(Req, Raw) -> ":", config:get("chttpd", "port"), "/", Raw]), Headers = [ {<<"authorization">>, ?l2b(header_value(Req,"authorization",""))}, - {<<"cookie">>, ?l2b(header_value(Req,"cookie",""))} + {<<"cookie">>, ?l2b(extract_cookie(Req))} ], {[{<<"url">>,Url}, {<<"headers">>,{Headers}}]}. + +extract_cookie(#httpd{mochi_req = MochiReq}) -> + case MochiReq:get_cookie_value("AuthSession") of + undefined -> + ""; + AuthSession -> + "AuthSession=" ++ AuthSession + end. %%% end hack authenticate_request(Req) ->
