GUACAMOLE-47: Remove XFF header code due to security concerns.

Nick Couchman
2017-01-28 12:58:53 -05:00
parent 00df0d75eb
commit 3fadac632c


@@ -68,17 +68,14 @@ public class APIRequest extends HttpServletRequestWrapper {
super(request); super(request);
// Try a few methods to get client info. // Grab the remote host info.
if (request.getHeader("X-Forwarded-For") != null && !request.getHeader("X-Forwarded-For").isEmpty()) if (request.getRemoteHost() != null && !request.getRemoteHost().isEmpty())
this.remoteHost = null;
else if (request.getRemoteHost() != null && !request.getRemoteHost().isEmpty())
this.remoteHost = request.getRemoteHost(); this.remoteHost = request.getRemoteHost();
else else
this.remoteHost = null; this.remoteHost = null;
if(request.getHeader("X-Forwarded-For") != null && !request.getHeader("X-Forwarded-For").isEmpty()) // Grab the remote ip info.
this.remoteAddr = request.getHeader("X-Forwarded-For"); if(request.getRemoteHost() != null && !request.getRemoteAddr().isEmpty())
else if(request.getRemoteHost() != null && !request.getRemoteAddr().isEmpty())
this.remoteAddr = request.getRemoteAddr(); this.remoteAddr = request.getRemoteAddr();
else else
this.remoteAddr = null; this.remoteAddr = null;
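Review bot: The new remoteAddr guard null-checks the wrong getter: `if(request.getRemoteHost() != null && !request.getRemoteAddr().isEmpty())` tests getRemoteHost() for null and then dereferences getRemoteAddr(), so if getRemoteAddr() ever returns null this throws instead of reaching the else branch. It should read `if (request.getRemoteAddr() != null && !request.getRemoteAddr().isEmpty())`. With the X-Forwarded-For branch removed, a deployment behind a reverse proxy will record the proxy's address in remoteAddr and remoteHost; where the real client address matters for audit logs or access restrictions, it is safer to let the container rewrite it from a configured list of trusted proxies (for example Tomcat's RemoteIpValve) than to read the header in application code, and a short comment saying so above the block would help. The constructor these lines belong to starts above the hunk.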