Skip to content

Commit 01539ce

Browse files
tomas-sexeniantomas-sexenian
committed
If enabled, only take the first comma separated ip
1 parent 2e09c7f commit 01539ce

File tree

1 file changed

+12
-13
lines changed

1 file changed

+12
-13
lines changed

java/src/main/java/com/genexus/webpanels/HttpContextWeb.java

Lines changed: 12 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -79,6 +79,7 @@ public class HttpContextWeb extends HttpContext {
7979
private static final String SAME_SITE_LAX = "Lax";
8080
private static final String SAME_SITE_STRICT = "Strict";
8181
private static final String SET_COOKIE = "Set-Cookie";
82+
private static String httpForwardedHeadersEnabled = System.getenv("HTTP_FORWARDEDHEADERS_ENABLED");
8283

8384
public static final int BROWSER_OTHER = 0;
8485
public static final int BROWSER_IE = 1;
@@ -630,8 +631,10 @@ public String getUserId(String key, ModelContext context, int handle, com.genexu
630631
}
631632

632633
public String getRemoteAddr() {
634+
boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
633635
String address = getHeader("X-Forwarded-For");
634-
if (address.length() > 0){
636+
if (isEnabled && address != null && address.length() > 0) {
637+
address = address.split(",")[0].trim();
635638
return address;
636639
}
637640
address = request.getRemoteAddr();
@@ -948,33 +951,29 @@ public byte setCookie(String name, String value, String path, java.util.Date exp
948951
}
949952

950953
public String getServerName() {
954+
boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
951955
String host = getHeader("X-Forwarded-Host");
952-
if (host.length() > 0){
953-
return host;
956+
if (isEnabled && host != null && host.length() > 0) {
957+
return host.split(",")[0].trim();
954958
}
955959
String serverNameProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_NAME", "");
956960
if (!StringUtils.isBlank(serverNameProperty)) {
957961
return serverNameProperty;
958962
}
959-
if (request != null)
960-
return request.getServerName();
961-
962-
return "";
963+
return request != null ? request.getServerName() : "";
963964
}
964965

965966
public int getServerPort() {
967+
boolean isEnabled = "true".equalsIgnoreCase(httpForwardedHeadersEnabled);
966968
String port = getHeader("X-Forwarded-Port");
967-
if (port.length() > 0){
968-
return Integer.parseInt(port);
969+
if (isEnabled && port != null && port.length() > 0) {
970+
port = port.split(",")[0].trim();
971+
return Integer.parseInt(port);
969972
}
970973
String serverPortProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_PORT", "");
971974
if (!StringUtils.isBlank(serverPortProperty)) {
972975
return Integer.parseInt(serverPortProperty);
973976
}
974-
String serverNameProperty = ModelContext.getModelContext().getPreferences().getProperty("SERVER_NAME", "");
975-
if (serverNameProperty.indexOf(':') != -1) {
976-
return 80;
977-
}
978977
if (request != null) {
979978
return request.getServerPort();
980979
}

0 commit comments

Comments
 (0)