(fix) avoid using for now the XSRF code for proxy-auth (fixes #3668)
parent
d802a7d5e4
commit
a30d620502
|
@ -218,15 +218,17 @@ static SoProduct *commonProduct = nil;
|
|||
NSString *value, *token;
|
||||
NSArray *creds;
|
||||
|
||||
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
|
||||
auth = [[WOApplication application]
|
||||
authenticatorInContext: context];
|
||||
|
||||
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
|
||||
![auth isKindOfClass: [SOGoWebAuthenticator class]])
|
||||
return [super performActionNamed: _actionName];
|
||||
|
||||
// We grab the X-XSRF-TOKEN header
|
||||
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
|
||||
|
||||
// We compare it with our session key
|
||||
auth = [[WOApplication application]
|
||||
authenticatorInContext: context];
|
||||
value = [[context request]
|
||||
cookieValueForKey: [auth cookieNameInContext: context]];
|
||||
creds = [auth parseCredentials: value];
|
||||
|
|
|
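Review bot: The added `![auth isKindOfClass: [SOGoWebAuthenticator class]]` test makes XSRF validation fail open, because it exempts every authenticator that is not the web one rather than only proxy-auth. A nil `auth` also takes the early return (messaging nil yields NO), and so would any authenticator type added later. Proxy-auth requests presumably rely on credentials the browser attaches by itself, which is the situation the token guards against, so the exemption should be as narrow as possible and marked as temporary. I would test for the proxy authenticator class explicitly instead of negating the web one, and add a comment above the condition such as `// TODO(#3668): XSRF validation is skipped for proxy-auth; restore it once the token no longer depends on the session cookie`. The same condition is added in the hunk at line 775 of the other patched file, and the enclosing method starts and ends outside both hunks.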
@ -1,5 +1,4 @@
|
|||
/*
|
||||
Copyright (C) 2000-2005 SKYRIX Software AG
|
||||
Copyright (C) 2007-2016 Inverse inc.
|
||||
|
||||
This file is part of SOGo
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
/*
|
||||
Copyright (C) 2007-2015 Inverse inc.
|
||||
Copyright (C) 2004 SKYRIX Software AG
|
||||
Copyright (C) 2007-2016 Inverse inc.
|
||||
|
||||
This file is part of SOGo
|
||||
|
||||
|
@ -775,7 +774,11 @@ static SoProduct *commonProduct = nil;
|
|||
NSString *value, *token;
|
||||
NSArray *creds;
|
||||
|
||||
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled])
|
||||
auth = [[WOApplication application]
|
||||
authenticatorInContext: context];
|
||||
|
||||
if (![[SOGoSystemDefaults sharedSystemDefaults] xsrfValidationEnabled] ||
|
||||
![auth isKindOfClass: [SOGoWebAuthenticator class]])
|
||||
return [super performActionNamed: _actionName];
|
||||
|
||||
// If the action is 'connect' (or 'logoff'), we let it go as the token
|
||||
|
@ -790,8 +793,6 @@ static SoProduct *commonProduct = nil;
|
|||
token = [[context request] headerForKey: @"X-XSRF-TOKEN"];
|
||||
|
||||
// We compare it with our session key
|
||||
auth = [[WOApplication application]
|
||||
authenticatorInContext: context];
|
||||
value = [[context request]
|
||||
cookieValueForKey: [auth cookieNameInContext: context]];
|
||||
creds = [auth parseCredentials: value];
|
||||
|
|
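Review bot: The XSRF gate patched in this file is a second hand-maintained copy of the one changed at line 218 of the other file, so the exemption rule now has to be kept in step in two places. The copy here has a 'connect'/'logoff' carve-out that is not visible in the other hunk, so the two may already differ, though the rest of both methods lies outside the hunks. Since this is a security decision, I would move it into one shared predicate that both callers of `[super performActionNamed: _actionName]` consult. That way the temporary proxy-auth exemption can later be removed in a single place.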