Ard Schrijvers pushed to branch master at cms-community / hippo-cms

Commits:
e543da10 by Ard Schrijvers at 2016-05-24T09:43:08+02:00
CMS-10101 more explicit logging in case the scheme does not match

Typically this is caused because of running behind a proxy that delegates a https request to http.

- - - - -


1 changed file:

- engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java


Changes:

=====================================
engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
=====================================
--- 
a/engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
+++ 
b/engine/src/main/java/org/hippoecm/frontend/http/CsrfPreventionRequestCycleListener.java
@@ -479,7 +479,12 @@ public class CsrfPreventionRequestCycleListener extends 
AbstractRequestCycleList
         if (request == null)
             return false;
 
-        return origin.equalsIgnoreCase(request);
+        final boolean isLocal = origin.equalsIgnoreCase(request);
+        if (!isLocal && originHeader.startsWith("https:") && 
!request.startsWith("https:")) {
+            log.warn("Origin starts with https: but request starts with http:. 
If you are running behind a proxy, make " +
+                    "sure to set 'X-Forwarded-Proto: https' in the proxy");
+        }
+        return isLocal;
     }
 
     /**
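Review bot: The scheme test in the new `if` is case-sensitive (`originHeader.startsWith("https:")`, `!request.startsWith("https:")`) while the comparison it follows is `origin.equalsIgnoreCase(request)`, so an Origin sent as `HTTPS://...` against an `http://` request fails the comparison for exactly the proxy reason but never reaches the warning. Use a case-insensitive prefix test such as `regionMatches(true, 0, "https:", 0, 6)`, and apply it to the same value that is compared (`origin`) rather than to `originHeader`, unless the two are known to differ only in ways that do not affect the scheme. The message also asserts that the request "starts with http:", but the condition only establishes that it does not start with `https:`; either check for `http:` explicitly or reword the text. Finally, the warning carries neither of the two values and is emitted on every mismatching request; logging the compared origin and request URL (sanitized, since the header is supplied by the client) would make the proxy misconfiguration diagnosable from the log, and a once-only or rate-limited warning would keep a misconfigured deployment from filling it.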



View it on GitLab: 
https://code.onehippo.org/cms-community/hippo-cms/commit/e543da10595038b8fea82bec667a347a4e184c25
_______________________________________________
Hippocms-svn mailing list
Hippocms-svn@lists.onehippo.org
https://lists.onehippo.org/mailman/listinfo/hippocms-svn
