From 39f38b65fd828c1dd29361a7d61d8685834cf229 Mon Sep 17 00:00:00 2001
From: Matthias Benkard <matthias.benkard@egym.de>
Date: Thu, 14 Aug 2014 13:54:35 +0200
Subject: Make reverse-proxyable.

MulkyID used to be unable to run behind a reverse proxy.  This is
fixed by using the real_domain configuration value for redirects
instead of the domain name sent by the client.
---
 www/common.pl | 6 +-----
 www/login.pl  | 2 +-
 2 files changed, 2 insertions(+), 6 deletions(-)

diff --git a/www/common.pl b/www/common.pl
index a094442..63b8d0f 100644
--- a/www/common.pl
+++ b/www/common.pl
@@ -35,11 +35,7 @@ sub email_users($) {
 
 sub reluri($$) {
   my ($cgi, $x) = @_;
-  my $uri = URI->new($cgi->url(-full=>1));
-  my @path = $uri->path_segments;
-  pop @path;
-  push @path, $x;
-  $uri->path_segments(@path);
+  my $uri = "https://" . $::MULKONF->{real_domain} . $::MULKONF->{basepath} . "/$x";
   return "$uri";
 }
 
diff --git a/www/login.pl b/www/login.pl
index 2be2b77..363f243 100755
--- a/www/login.pl
+++ b/www/login.pl
@@ -74,7 +74,7 @@ while (my $cgi = new CGI::Fast) {
     when ('google') {
       my $g = Net::Google::FederatedLogin->new(
         cgi => $cgi,
-        return_to => $cgi->url()
+        return_to => reluri($cgi, "login.pl")
       );
       $g->verify_auth or die "Could not verify the OpenID assertion!";
       my $ext = $g->get_extension('http://openid.net/srv/ax/1.0');
-- 
cgit v1.2.3