diff options
| author | Matthias Benkard <matthias.benkard@egym.de> | 2014-08-14 13:54:35 +0200 |
|---|---|---|
| committer | Matthias Andreas Benkard <code@mail.matthias.benkard.de> | 2015-04-23 21:55:01 +0200 |
| commit | 39f38b65fd828c1dd29361a7d61d8685834cf229 (patch) | |
| tree | 28c7eff2e2dce6e4ee7a899f95cd558269032841 | |
| parent | 9e680b80e0c22ce76b6314741e05f1bcb0deb4f9 (diff) | |
Make reverse-proxyable.
MulkyID used to be unable to run behind a reverse proxy. This is
fixed by using the real_domain configuration value for redirects
instead of the domain name sent by the client.
| -rw-r--r-- | www/common.pl | 6 | ||||
| -rwxr-xr-x | www/login.pl | 2 |
2 files changed, 2 insertions, 6 deletions
diff --git a/www/common.pl b/www/common.pl index a094442..63b8d0f 100644 --- a/www/common.pl +++ b/www/common.pl @@ -35,11 +35,7 @@ sub email_users($) { sub reluri($$) { my ($cgi, $x) = @_; - my $uri = URI->new($cgi->url(-full=>1)); - my @path = $uri->path_segments; - pop @path; - push @path, $x; - $uri->path_segments(@path); + my $uri = "https://" . $::MULKONF->{real_domain} . $::MULKONF->{basepath} . "/$x"; return "$uri"; } diff --git a/www/login.pl b/www/login.pl index 2be2b77..363f243 100755 --- a/www/login.pl +++ b/www/login.pl @@ -74,7 +74,7 @@ while (my $cgi = new CGI::Fast) { when ('google') { my $g = Net::Google::FederatedLogin->new( cgi => $cgi, - return_to => $cgi->url() + return_to => reluri($cgi, "login.pl") ); $g->verify_auth or die "Could not verify the OpenID assertion!"; my $ext = $g->get_extension('http://openid.net/srv/ax/1.0'); |