From 00df0d75ebc1eed173a6fc49c7142acc260181a5 Mon Sep 17 00:00:00 2001 From: Nick Couchman Date: Sat, 28 Jan 2017 08:23:32 -0500 Subject: [PATCH] GUACAMOLE-47: Remove custom header code due to complexity & security concerns. --- .../main/java/org/apache/guacamole/rest/APIRequest.java | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java b/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java index 29c940238..57839a5fd 100644 --- a/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java +++ b/guacamole/src/main/java/org/apache/guacamole/rest/APIRequest.java @@ -69,18 +69,14 @@ public class APIRequest extends HttpServletRequestWrapper { super(request); // Try a few methods to get client info. - if (request.getHeader("X-Guacamole-Client-Hostname") != null && !request.getHeader("X-Guacamole-Client-Hostname").isEmpty()) - this.remoteHost = request.getHeader("X-Guacamole-Client-Hostname"); - else if (request.getHeader("X-Forwarded-For") != null && !request.getHeader("X-Forwarded-For").isEmpty()) + if (request.getHeader("X-Forwarded-For") != null && !request.getHeader("X-Forwarded-For").isEmpty()) this.remoteHost = null; else if (request.getRemoteHost() != null && !request.getRemoteHost().isEmpty()) this.remoteHost = request.getRemoteHost(); else this.remoteHost = null; - if (request.getHeader("X-Guacamole-Client-IP") != null && !request.getHeader("X-Guacamole-Client-IP").isEmpty()) - this.remoteAddr = request.getHeader("X-Guacamole-Client-IP"); - else if(request.getHeader("X-Forwarded-For") != null && !request.getHeader("X-Forwarded-For").isEmpty()) + if(request.getHeader("X-Forwarded-For") != null && !request.getHeader("X-Forwarded-For").isEmpty()) this.remoteAddr = request.getHeader("X-Forwarded-For"); else if(request.getRemoteHost() != null && !request.getRemoteAddr().isEmpty()) this.remoteAddr = request.getRemoteAddr();