@robocoder
opened this Issue on May 21st 2011
@robocoder
In some environments, a fixup is applied to HTTP_HOST such that it doesn't match the host in SCRIPT_URI. Example:
- open browser to http://example.com/piwik
$_SERVER['HTTP_HOST']contains 'www.example.com'$_SERVER['REQUEST_URI']contains 'http://example.com/piwik'
This causes isLocalUrl() and ultimately, the Nonce verification on the Referer to fail.
@robocoder
commented
on May 21st 2011
(In [4750]) fixes #2444
@robocoder
commented
on May 22nd 2011
(In [4754]) refs #2444 - relax isLocalReferer() test so that it's comparable to the Origin: test
@robocoder
commented
on May 22nd 2011
(In [4756]) refs #2444
@robocoder
commented
on May 22nd 2011
(In [4757]) refs #2444
@robocoder
commented
on May 22nd 2011
(In [4758]) refs #2444
@robocoder
commented
on May 22nd 2011
(In [4760]) refs #2444 - re-enable unit test
This Issue was closed on May 22nd 2011