mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-04 10:24:42 +02:00
Fix hostname detection
This commit is contained in:
parent
a52f15e5e8
commit
2dd9e1b14f
@ -9,6 +9,26 @@
|
||||
* ---- tokenLength
|
||||
*/
|
||||
|
||||
function get_trusted_hostname() {
|
||||
$js_path = "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js";
|
||||
if ((isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == "https") || isset($_SERVER['HTTPS'])) {
|
||||
$is_scheme = "https://";
|
||||
}
|
||||
else {
|
||||
$is_scheme = "http://";
|
||||
}
|
||||
if (isset(explode(':', $_SERVER['HTTP_HOST'])[1])) {
|
||||
$is_port = intval(explode(':', $_SERVER['HTTP_HOST'])[1]);
|
||||
if (filter_var($is_port, FILTER_VALIDATE_INT, array("options" => array("min_range" =>1, "max_range" => 65535))) === false) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
if (!isset($is_port) || $is_port == 0) {
|
||||
$is_port = ($is_scheme == "https://") ? 443 : 80;
|
||||
}
|
||||
return $is_scheme . $GLOBALS['mailcow_hostname'] . ':' . $is_port . $js_path;
|
||||
}
|
||||
|
||||
return array(
|
||||
"CSRFP_TOKEN" => "MAILCOW_CSRF",
|
||||
"logDirectory" => "../log",
|
||||
@ -19,7 +39,7 @@ return array(
|
||||
"customErrorMessage" => "",
|
||||
"jsPath" => "../js/csrfprotector.js",
|
||||
// Fetching IS_HTTPS from sessions handler
|
||||
"jsUrl" => (($GLOBALS['IS_HTTPS'] === true) ? 'https://' : 'http://') . $GLOBALS['mailcow_hostname'] . ':' . intval(explode(':', $_SERVER['HTTP_HOST'])[1]) . "/inc/lib/vendor/owasp/csrf-protector-php/js/csrfprotector.js",
|
||||
"jsUrl" => get_trusted_hostname(),
|
||||
"tokenLength" => 10,
|
||||
"secureCookie" => false,
|
||||
"disabledJavascriptMessage" => "This site attempts to protect users against <a href=\"https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29\">
|
||||
|
Loading…
Reference in New Issue
Block a user