https://bz.apache.org/bugzilla/show_bug.cgi?id=63688
Eric Covener <cove...@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO --- Comment #3 from Eric Covener <cove...@gmail.com> --- can you try something like this since you had a sandbox env: Index: modules/proxy/mod_proxy_balancer.c =================================================================== --- modules/proxy/mod_proxy_balancer.c (revision 1866509) +++ modules/proxy/mod_proxy_balancer.c (working copy) @@ -1185,7 +1185,7 @@ /* Ignore parameters if this looks like XSRF */ ref = apr_table_get(r->headers_in, "Referer"); if (apr_table_elts(params) - && (!ref || !safe_referer(r, ref))) { + && (ref && !safe_referer(r, ref))) { ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO(10187) "ignoring params in balancer-manager cross-site access"); apr_table_clear(params); No referer should pass through IIUC. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org