couchdb-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rnew...@apache.org
Subject chttpd commit: updated refs/heads/master to 96e1e00
Date Wed, 19 Aug 2015 18:11:31 GMT
Repository: couchdb-chttpd
Updated Branches:
  refs/heads/master 8aa7adfb4 -> 96e1e008e


Don't pass CSRF cookie to replicator

COUCHDB-2781


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/96e1e008
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/96e1e008
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/96e1e008

Branch: refs/heads/master
Commit: 96e1e008e5b9b2e77b510bc1e862b5c86fee92c7
Parents: 8aa7adf
Author: Robert Newson <rnewson@apache.org>
Authored: Wed Aug 19 16:41:06 2015 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Wed Aug 19 16:53:43 2015 +0100

----------------------------------------------------------------------
 src/chttpd.erl | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/96e1e008/src/chttpd.erl
----------------------------------------------------------------------
diff --git a/src/chttpd.erl b/src/chttpd.erl
index 52400ca..8e152f6 100644
--- a/src/chttpd.erl
+++ b/src/chttpd.erl
@@ -402,9 +402,17 @@ make_uri(Req, Raw) ->
                          ":", config:get("chttpd", "port"), "/", Raw]),
     Headers = [
         {<<"authorization">>, ?l2b(header_value(Req,"authorization",""))},
-        {<<"cookie">>, ?l2b(header_value(Req,"cookie",""))}
+        {<<"cookie">>, ?l2b(extract_cookie(Req))}
     ],
     {[{<<"url">>,Url}, {<<"headers">>,{Headers}}]}.
+
+extract_cookie(#httpd{mochi_req = MochiReq}) ->
+    case MochiReq:get_cookie_value("AuthSession") of
+        undefined ->
+            "";
+        AuthSession ->
+            "AuthSession=" ++ AuthSession
+    end.
 %%% end hack
 
 authenticate_request(Req) ->


Mime
View raw message