svn commit: r793894 - in /incubator/shindig/trunk/php: config/container.php src/social/servlet/ApiServlet.php

[chabotc]

Author: chabotc
Date: Tue Jul 14 13:06:34 2009
New Revision: 793894

URL: http://svn.apache.org/viewvc?rev=793894&view=rev
Log:
SHINDIG-1111 by Loic Dachary - Configurable host name so that the base string 
matches in reverse proxy situations too

Modified:
    incubator/shindig/trunk/php/config/container.php
    incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php

Modified: incubator/shindig/trunk/php/config/container.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/config/container.php?rev=793894&r1=793893&r2=793894&view=diff
==============================================================================
--- incubator/shindig/trunk/php/config/container.php (original)
+++ incubator/shindig/trunk/php/config/container.php Tue Jul 14 13:06:34 2009
@@ -158,6 +158,11 @@
   // If your development server is behind a proxy, enter the proxy details 
here in 'proxy.host.com:port' format.
   'proxy' => '',
 
+
+  // If your server is behind a reverse proxy, set the real hostname here so 
that OAuth signatures match up, for example:
+  // 'http_host' => 'modules.partuza.nl'
+  'http_host' => false,
+
   // Container id, used for security token
   'container_id' => 'default'
 );

Modified: incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php
URL: 
http://svn.apache.org/viewvc/incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php?rev=793894&r1=793893&r2=793894&view=diff
==============================================================================
--- incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php (original)
+++ incubator/shindig/trunk/php/src/social/servlet/ApiServlet.php Tue Jul 14 
13:06:34 2009
@@ -100,8 +100,11 @@
   }
 
   public function getSecurityToken() {
+    // Support a configurable host name ('http_host' key) so that OAuth 
signatures don't fail in reverse-proxy type situations
+    $scheme = (! isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on") ? 
'http' : 'https';
+    $http_url = $scheme . '://' . (Config::get('http_host') ? 
Config::get('http_host') : $_SERVER['HTTP_HOST']) . $_SERVER['REQUEST_URI'];
     // see if we have an OAuth request
-    $request = OAuthRequest::from_request();
+    $request = OAuthRequest::from_request(null, $http_url, null);
     $appUrl = $request->get_parameter('oauth_consumer_key');
     $userId = $request->get_parameter('xoauth_requestor_id'); // from Consumer 
Request extension (2-legged OAuth)
     $signature = $request->get_parameter('oauth_signature');