GUACAMOLE-47: Remove XFF header code due to security concerns.

Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/commit/3fadac63
Tree: 
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/tree/3fadac63
Diff: 
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/diff/3fadac63

Branch: refs/heads/master
Commit: 3fadac632c1d98aa6071728ada5af024e8eede88
Parents: 00df0d7
Author: Nick Couchman <[email protected]>
Authored: Sat Jan 28 12:58:53 2017 -0500
Committer: Nick Couchman <[email protected]>
Committed: Sat Jan 28 13:40:09 2017 -0500

----------------------------------------------------------------------
 .../main/java/org/apache/guacamole/rest/APIRequest.java  | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-guacamole-client/blob/3fadac63/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java
----------------------------------------------------------------------
diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java 
b/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java
index 57839a5..bdef6f4 100644
--- a/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java
+++ b/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java
@@ -68,17 +68,14 @@ public class APIRequest extends HttpServletRequestWrapper {
 
         super(request);
 
-        // Try a few methods to get client info.
-        if (request.getHeader("X-Forwarded-For") != null && 
!request.getHeader("X-Forwarded-For").isEmpty())
-            this.remoteHost = null;
-        else if (request.getRemoteHost() != null && 
!request.getRemoteHost().isEmpty())
+        // Grab the remote host info.
+        if (request.getRemoteHost() != null && 
!request.getRemoteHost().isEmpty())
             this.remoteHost = request.getRemoteHost();
         else
             this.remoteHost = null;
 
-        if(request.getHeader("X-Forwarded-For") != null && 
!request.getHeader("X-Forwarded-For").isEmpty())
-            this.remoteAddr = request.getHeader("X-Forwarded-For");
-        else if(request.getRemoteHost() != null && 
!request.getRemoteAddr().isEmpty())
+       // Grab the remote ip info.
+        if(request.getRemoteHost() != null && 
!request.getRemoteAddr().isEmpty())
             this.remoteAddr = request.getRemoteAddr();
         else
             this.remoteAddr = null;
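Review bot: The remote-address guard kept on the new side tests `request.getRemoteHost() != null` but then dereferences `request.getRemoteAddr().isEmpty()`, so the null check covers a different getter than the one being called. It should read `if (request.getRemoteAddr() != null && !request.getRemoteAddr().isEmpty())`. The constructor starts and ends outside this hunk, so whether later code relies on the current behaviour cannot be seen here. With the X-Forwarded-For branch removed, a deployment behind a reverse proxy will presumably record the proxy's address for every client. The comment above the address block could say so, for example `// Uses the socket peer address only; client-supplied forwarding headers are not trusted here.`. If forwarded addresses are reintroduced later, the header should be honoured only when the direct peer is a configured trusted proxy.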
