https://bz.apache.org/bugzilla/show_bug.cgi?id=63688
Eric Covener <cove...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #3 from Eric Covener <cove...@gmail.com> ---
can you try something like this since you had a sandbox env:
Index: modules/proxy/mod_proxy_balancer.c
===================================================================
--- modules/proxy/mod_proxy_balancer.c (revision 1866509)
+++ modules/proxy/mod_proxy_balancer.c (working copy)
@@ -1185,7 +1185,7 @@
/* Ignore parameters if this looks like XSRF */
ref = apr_table_get(r->headers_in, "Referer");
if (apr_table_elts(params)
- && (!ref || !safe_referer(r, ref))) {
+ && (ref && !safe_referer(r, ref))) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10187)
"ignoring params in balancer-manager cross-site
access");
apr_table_clear(params);
No referer should pass through IIUC.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org
For additional commands, e-mail: bugs-h...@httpd.apache.org
