aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/OpenSim/Framework/Servers/HttpServer
diff options
context:
space:
mode:
authorJustin Clark-Casey (justincc)2015-03-04 17:51:11 +0000
committerJustin Clark-Casey (justincc)2015-03-04 18:27:51 +0000
commit3255335c42ff348465d235a3ccf9558d0d6d414b (patch)
tree5537a8bb51ef79f1b42a0a29e167da939630f434 /OpenSim/Framework/Servers/HttpServer
parentAdd outbound URL filter to llHttpRequest() and osSetDynamicTextureURL*() scri... (diff)
downloadopensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.zip
opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.gz
opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.bz2
opensim-SC-3255335c42ff348465d235a3ccf9558d0d6d414b.tar.xz
Make private services forbid llHTTPRequest() calls by rejecting those that have the X-SecondLife-Shard header.
If you need to enable this, set AllowHttpRequestIn = true in [Network] for all private services or individual [*Service] sections.
Diffstat (limited to 'OpenSim/Framework/Servers/HttpServer')
-rw-r--r--OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs15
1 files changed, 10 insertions, 5 deletions
diff --git a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs
index f160734..41aa19b 100644
--- a/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs
+++ b/OpenSim/Framework/Servers/HttpServer/BaseStreamHandler.cs
@@ -56,12 +56,17 @@ namespace OpenSim.Framework.Servers.HttpServer
56 string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse) 56 string path, Stream request, IOSHttpRequest httpRequest, IOSHttpResponse httpResponse)
57 { 57 {
58 RequestsReceived++; 58 RequestsReceived++;
59 if (m_Auth != null && !m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader)) 59
60 if (m_Auth != null)
60 { 61 {
61 62 HttpStatusCode statusCode;
62 httpResponse.StatusCode = (int)HttpStatusCode.Unauthorized; 63
63 httpResponse.ContentType = "text/plain"; 64 if (!m_Auth.Authenticate(httpRequest.Headers, httpResponse.AddHeader, out statusCode))
64 return new byte[0]; 65 {
66 httpResponse.StatusCode = (int)statusCode;
67 httpResponse.ContentType = "text/plain";
68 return new byte[0];
69 }
65 } 70 }
66 71
67 byte[] result = ProcessRequest(path, request, httpRequest, httpResponse); 72 byte[] result = ProcessRequest(path, request, httpRequest, httpResponse);