diff options
author | Justin Clark-Casey (justincc) | 2015-03-04 17:51:11 +0000 |
---|---|---|
committer | Justin Clark-Casey (justincc) | 2015-03-04 18:27:51 +0000 |
commit | 3255335c42ff348465d235a3ccf9558d0d6d414b (patch) | |
tree | 5537a8bb51ef79f1b42a0a29e167da939630f434 /OpenSim/Framework/Servers/HttpServer | |
parent | Add outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() scri... (diff) | |
download | opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.zip opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.gz opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.bz2 opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.xz |
Make private services forbid llHTTPRequest() calls by rejecting those that have the X-SecondLife-Shard header.
If you need to enable this, set AllowHttpRequestIn = true in [Network] for all private services or individual [*Service] sections.
Diffstat (limited to 'OpenSim/Framework/Servers/HttpServer')
-rw-r--r-- | OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs | 15 |
1 files changed, 10 insertions, 5 deletions
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs index f160734..41aa19b 100644 --- a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs +++ b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs | |||
@@ -56,12 +56,17 @@ namespace OpenSim.Framework.Servers.HttpServer | |||
56 | string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) | 56 | string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) |
57 | { | 57 | { |
58 | RequestsReceived++; | 58 | RequestsReceived++; |
59 | if (m_Auth != null && !m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader)) | 59 | |
60 | if (m_Auth != null) | ||
60 | { | 61 | { |
61 | 62 | HttpStatusCode statusCode; | |
62 | httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; | 63 | |
63 | httpResponse.ContentType = "text/plain"; | 64 | if (!m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader, out statusCode)) |
64 | return new byte[0]; | 65 | { |
66 | httpResponse.StatusCode = (int)statusCode; | ||
67 | httpResponse.ContentType = "text/plain"; | ||
68 | return new byte[0]; | ||
69 | } | ||
65 | } | 70 | } |
66 | 71 | ||
67 | byte[] result = ProcessRequest(path, request, httpRequest, httpResponse); | 72 | byte[] result = ProcessRequest(path, request, httpRequest, httpResponse); |