[ofbiz-framework] 01/02: Improved: better message for host-headers-allowed

jleroux Sat, 11 Jul 2020 00:59:14 -0700

This is an automated email from the ASF dual-hosted git repository.

jleroux pushed a commit to branch release17.12
in repository https://gitbox.apache.org/repos/asf/ofbiz-framework.git


commit 0e3b1c7a49b2192cd11347e7f4efe00fbacd64e4
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sat Jul 11 09:54:18 2020 +0200

    Improved: better message for host-headers-allowed
    
    Adds an explanation about what to do when using own domain.
    
    Some users don't look into the log so it's better to set also the exception
    message in order for them to have it right at 1st glance.
---
 .../main/java/org/apache/ofbiz/webapp/control/RequestHandler.java   | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
index 52fa77f..44bd79b 100644
--- 
a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
+++ 
b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/RequestHandler.java
@@ -127,8 +127,10 @@ public class RequestHandler {
             GenericValue userLogin, Delegator delegator) throws 
RequestHandlerException, RequestHandlerExceptionAllowExternalRequests {
 
         if (!hostHeadersAllowed.contains(request.getServerName())) {
-            Debug.logError("Domain " + request.getServerName() + " not 
accepted to prevent host header injection ", module);
-            throw new RequestHandlerException("Domain " + 
request.getServerName() + " not accepted to prevent host header injection ");
+            Debug.logError("Domain " + request.getServerName() + " not 
accepted to prevent host header injection."
+                    + " You need to set host-headers-allowed property in 
security.properties file.", MODULE);
+            throw new RequestHandlerException("Domain " + 
request.getServerName() + " not accepted to prevent host header injection."
+                    + " You need to set host-headers-allowed property in 
security.properties file.");
         }
                 
         final boolean throwRequestHandlerExceptionOnMissingLocalRequest = 
EntityUtilProperties.propertyValueEqualsIgnoreCase(

[ofbiz-framework] 01/02: Improved: better message for host-headers-allowed

Reply via email to