Arthur Bogaart pushed to branch feature/CMS-8910 at cms-community / hippo-cms
Commits: 0648e340 by Tobias Jeger at 2016-12-06T16:54:01+01:00 CMS-16 Add QA-class for automated testing - - - - - 27415cb6 by Ard Schrijvers at 2016-12-12T17:51:14+01:00 CMS-10554 Use correct host in case request is delegated by a proxy like a CDN Instead of having the 'Host' header as fallback for the 'X-Forwarded-Host' have the 'X-Forwarded-Host' header as fallback of 'Host' header. 'Host' header is since HTTP/1.1 mandatory and we have documented everywhere that this 'Host' header must be preserved when running with proxies like httpd / haproxy / nginx, etc. Next to that, small trivial code improvement that if getRenderingHost is not null, we directly return: The getRenderingHost never returns a comma separated hosts string but always a single host and is only used internally between channel mngr and HST communication - - - - - 74277295 by Arthur Bogaart at 2016-12-15T11:53:27+01:00 CMS-8910 Merge master changes in feature/CMS-8910 - - - - - 3 changed files: - engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java - engine/src/main/java/org/hippoecm/frontend/service/restproxy/RestProxyServicePlugin.java - perspectives/src/main/java/org/hippoecm/frontend/plugins/cms/edit/EditPerspective.java Changes:
=====================================
engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
=====================================
--- a/engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
+++ b/engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
@@ -560,7 +560,14 @@ public class CsrfPreventionRequestCycleListener extends AbstractRequestCycleList
 private String getLocationHeaderOrigin(HttpServletRequest request) {
- String host = request.getHeader("X-Forwarded-Host");
+ String host = request.getHeader("Host");
+ if (host != null && !"".equals(host)) {
+ final String location = getFarthestRequestScheme(request) + "://" + host;
+ log.debug("Host header found. Return location '{}'", location);
+ return location;
+ }
+
+ host = request.getHeader("X-Forwarded-Host");
 if (host != null) {
 String[] hosts = host.split(",");
 final String location = getFarthestRequestScheme(request) + "://" + hosts[0];
@@ -568,13 +575,6 @@ public class CsrfPreventionRequestCycleListener extends AbstractRequestCycleList
 return location;
 }
- host = request.getHeader("Host");
- if (host != null && !"".equals(host)) {
- final String location = getFarthestRequestScheme(request) + "://" + host;
- log.debug("Host header found. Return location '{}'", location);
- return location;
- }
-
 // Build scheme://host:port from request
 StringBuilder target = new StringBuilder();
 String scheme = request.getScheme();
=====================================
engine/src/main/java/org/hippoecm/frontend/service/restproxy/RestProxyServicePlugin.java
=====================================
--- a/engine/src/main/java/org/hippoecm/frontend/service/restproxy/RestProxyServicePlugin.java
+++ b/engine/src/main/java/org/hippoecm/frontend/service/restproxy/RestProxyServicePlugin.java
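Review bot: In `getLocationHeaderOrigin` (CsrfPreventionRequestCycleListener.java, first hunk) the origin is now built from the raw `Host` header, so the result is only correct when every proxy in front of the CMS preserves `Host`; the method should state that, e.g. `// Host must be preserved by all fronting proxies; X-Forwarded-Host is consulted only when Host is absent or empty`. Both headers are client-supplied unless a trusted proxy overwrites them, and nothing visible in the hunk checks the value against a configured set of accepted hosts, so it is worth confirming that the caller outside the hunk does. The fallback branch concatenates `hosts[0]` untrimmed while `getFarthestRequestHost` in RestProxyServicePlugin.java uses `hosts[0].trim()`; changing the line to end in `+ hosts[0].trim();` keeps surrounding whitespace out of the origin string and keeps the two implementations consistent. The method body continues past the end of the hunk.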
@@ -224,16 +224,18 @@ public class RestProxyServicePlugin extends Plugin implements IRestProxyService
 protected String getFarthestRequestHost() {
 final HttpServletRequest request = (HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest();
- String host = request.getHeader("X-Forwarded-Host");
+ String host = request.getHeader("Host");
+ if (host != null && !"".equals(host)) {
+ return host;
+ }
+
+ host = request.getHeader("X-Forwarded-Host");
 if (host != null) {
 String [] hosts = host.split(",");
 return hosts[0].trim();
 }
- host = request.getHeader("Host");
- if (host != null && !"".equals(host)) {
- return host;
- }
+
+
 // should never happen : HTTP/1.0 based browser clients are unlikely to login in the cms :)
 int serverPort = request.getServerPort();
 if (serverPort == 80 || serverPort == 443 || serverPort <= 0) {
=====================================
perspectives/src/main/java/org/hippoecm/frontend/plugins/cms/edit/EditPerspective.java
=====================================
--- a/perspectives/src/main/java/org/hippoecm/frontend/plugins/cms/edit/EditPerspective.java
+++ b/perspectives/src/main/java/org/hippoecm/frontend/plugins/cms/edit/EditPerspective.java
@@ -68,6 +68,7 @@ public class EditPerspective extends Perspective {
 super(context, config);
 add(CssClass.append("hippo-editor"));
+ add(CssClass.append("qa-editor"));
 feedback = new FeedbackPanel("feedback", message -> {
 final String serviceId = config.getString(RenderService.FEEDBACK);
View it on GitLab: https://code.onehippo.org/cms-community/hippo-cms/compare/5e715b5a62d5d475ade377a92385b3b572ff2998...74277295f405d38e16f1ebf7bf06b88569fb6d27
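Review bot: `getFarthestRequestHost` in RestProxyServicePlugin.java now returns the `Host` header verbatim (`return host;`), with neither the trimming applied on the `X-Forwarded-Host` branch nor any syntax or allow-list check. How the value is used lies outside the hunk, but if it ends up in a header or URL sent to the REST backend, an unexpected `Host` would be passed along unchanged; a Javadoc line such as `Returns the client-supplied Host header; deployments must have the fronting proxy preserve or pin it` would make that trust assumption explicit. The same Host / X-Forwarded-Host precedence is implemented separately in `getLocationHeaderOrigin` of CsrfPreventionRequestCycleListener.java, and a shared helper would keep the two from drifting apart. The method body continues past the end of the hunk.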