Return-Path: X-Original-To: apmail-incubator-callback-dev-archive@minotaur.apache.org Delivered-To: apmail-incubator-callback-dev-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 20A16DE64 for ; Tue, 18 Sep 2012 12:06:09 +0000 (UTC) Received: (qmail 70487 invoked by uid 500); 18 Sep 2012 12:06:08 -0000 Delivered-To: apmail-incubator-callback-dev-archive@incubator.apache.org Received: (qmail 70430 invoked by uid 500); 18 Sep 2012 12:06:08 -0000 Mailing-List: contact callback-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: callback-dev@incubator.apache.org Delivered-To: mailing list callback-dev@incubator.apache.org Received: (qmail 70415 invoked by uid 99); 18 Sep 2012 12:06:07 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 18 Sep 2012 12:06:07 +0000 Date: Tue, 18 Sep 2012 23:06:07 +1100 (NCT) From: "Matti Paksula (JIRA)" To: callback-dev@incubator.apache.org Message-ID: <1699647212.91950.1347969967889.JavaMail.jiratomcat@arcas> In-Reply-To: <1901163165.89836.1347917467529.JavaMail.jiratomcat@arcas> Subject: [jira] [Commented] (CB-1494) Supports running server behind a proxy, such as Heroku Cedar MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/CB-1494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13457763#comment-13457763 ] Matti Paksula commented on CB-1494: ----------------------------------- _> Whether or not you submit a CCLA, YOU WILL ALSO NEED TO SUBMIT AN ICLA._ Yes, both ICLA (5x from all of us at AppGyver) and CCLA are being submitted to ASF ~tomorrow. _> Also note that it wasn't immediately clear to me that the XFF header can actually be a set of IP addresses, not just one._ You are right, I did not look into XFF in detail. I've updated the pull request to take the last ip or host from the string (the last is set by the proxy and I verified that it actually works in Heroku): {quote} $ curl --header "X-Forwarded-For: gooby.plz.dolan.io" "http://limitless-shelf-9248.herokuapp.com" trololololo.dolan.io, 88.112.131.21 {quote} ... so actual host/ip gets set even if spoofing is attempted. So there should not be any security implications. I've updated the pull-request with a new commit to support a set of addresses. Testable pre-built NPM of that is here: https://github.com/downloads/AppGyver/incubator-cordova-weinre/apache-cordova-weinre-2.0.0-pre-H78XI5TK-incubating-bin.tar.gz We could also add an option to turn support for XFF on, but I think it should be the default behaviour and used if set (like you would expect when you deploy Weinre to Heroku or other proxied environment) _> Although, I'm wondering about places we dump the ip address into HTML to being with - like in the remote panel. Can someone check that?_ Yes it gets dumped, but should this be fixed? _> Should we add something to the doc? I'm thinking a quick mention that we support XFF should be good enough._ Yes, adding a bullet in MultiUser.html notes section? (are there any plans to write some tests for weinre?) (what about the state of documentation?) > Supports running server behind a proxy, such as Heroku Cedar > ------------------------------------------------------------ > > Key: CB-1494 > URL: https://issues.apache.org/jira/browse/CB-1494 > Project: Apache Cordova > Issue Type: New Feature > Components: weinre > Reporter: Patrick Mueller > Assignee: Patrick Mueller > > created for https://github.com/apache/incubator-cordova-weinre/pull/10 -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira