From 39f38b65fd828c1dd29361a7d61d8685834cf229 Mon Sep 17 00:00:00 2001 From: Matthias Benkard Date: Thu, 14 Aug 2014 13:54:35 +0200 Subject: Make reverse-proxyable. MulkyID used to be unable to run behind a reverse proxy. This is fixed by using the real_domain configuration value for redirects instead of the domain name sent by the client. --- www/common.pl | 6 +----- www/login.pl | 2 +- 2 files changed, 2 insertions(+), 6 deletions(-) (limited to 'www') diff --git a/www/common.pl b/www/common.pl index a094442..63b8d0f 100644 --- a/www/common.pl +++ b/www/common.pl @@ -35,11 +35,7 @@ sub email_users($) { sub reluri($$) { my ($cgi, $x) = @_; - my $uri = URI->new($cgi->url(-full=>1)); - my @path = $uri->path_segments; - pop @path; - push @path, $x; - $uri->path_segments(@path); + my $uri = "https://" . $::MULKONF->{real_domain} . $::MULKONF->{basepath} . "/$x"; return "$uri"; } diff --git a/www/login.pl b/www/login.pl index 2be2b77..363f243 100755 --- a/www/login.pl +++ b/www/login.pl @@ -74,7 +74,7 @@ while (my $cgi = new CGI::Fast) { when ('google') { my $g = Net::Google::FederatedLogin->new( cgi => $cgi, - return_to => $cgi->url() + return_to => reluri($cgi, "login.pl") ); $g->verify_auth or die "Could not verify the OpenID assertion!"; my $ext = $g->get_extension('http://openid.net/srv/ax/1.0'); -- cgit v1.2.3