Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#2444 closed Bug (fixed)

HTTP_HOST mangling causes Login to fail for some users

Reported by: vipsoft
Owned by: vipsoft
Priority: major
Milestone: 1.5 - Piwik 1.5
Component: Core
Keywords:
Cc:
Sensitive: no

Description (last modified by vipsoft)

In some environments, a fixup is applied to HTTP_HOST such that it doesn't match the host in SCRIPT_URI. Example:

This causes isLocalUrl() and, ultimately, the Nonce verification on the Referer to fail.

Change History (8)

comment:1 Changed 3 years ago by vipsoft (robocoder)

  • Summary changed from HTTP_HOST mangling causes Login to fails for some users to HTTP_HOST mangling causes Login to fail for some users

comment:2 Changed 3 years ago by vipsoft (robocoder)

  • Description modified (diff)

comment:3 Changed 3 years ago by vipsoft (robocoder)

  • Resolution set to fixed
  • Status changed from new to closed

(In [4750]) fixes #2444

comment:4 Changed 3 years ago by vipsoft (robocoder)

(In [4754]) refs #2444 - relax isLocalReferer() test so that it's comparable to the Origin: test

comment:8 Changed 3 years ago by vipsoft (robocoder)

(In [4760]) refs #2444 - re-enable unit test
