Ard Schrijvers pushed to branch master at cms-community / hippo-cms
Commits: e543da10 by Ard Schrijvers at 2016-05-24T09:43:08+02:00 CMS-10101 more explicit logging in case the scheme does not match Typically this is caused because of running behind a proxy that delegates a https request to http. - - - - - 1 changed file: - engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java Changes: ===================================== engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java =====================================
--- a/engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
+++ b/engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
@@ -479,7 +479,12 @@ public class CsrfPreventionRequestCycleListener extends AbstractRequestCycleList
 if (request == null) return false;
- return origin.equalsIgnoreCase(request);
+ final boolean isLocal = origin.equalsIgnoreCase(request);
+ if (!isLocal && originHeader.startsWith("https:") && !request.startsWith("https:")) {
+ log.warn("Origin starts with https: but request starts with http:. If you are running behind a proxy, make " +
+ "sure to set 'X-Forwarded-Proto: https' in the proxy");
+ }
+ return isLocal;
 }
 /**
View it on GitLab: https://code.onehippo.org/cms-community/hippo-cms/commit/e543da10595038b8fea82bec667a347a4e184c25
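Review bot: The new warning in the `!isLocal` branch fires for every request whose Origin is https while the target URI is not, whatever the host, so a genuine cross-origin request from any https page is logged as a proxy-configuration hint and a remote client can produce one WARN line per request. It also tests the raw `originHeader` case-sensitively, while the comparison itself uses the normalized `origin` with `equalsIgnoreCase`. Consider warning only when the scheme is the sole difference, e.g. `if (!isLocal && origin.regionMatches(true, 0, "https:", 0, 6) && request.regionMatches(true, 0, "http:", 0, 5) && origin.substring(6).equalsIgnoreCase(request.substring(5)))`, assuming the normalized form keeps the scheme prefix (the normalizing code is outside the hunk). Since the message tells operators to rely on `X-Forwarded-Proto`, it would help to add that the proxy must overwrite any client-supplied value of that header. The enclosing method starts outside the hunk.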