Make private services forbid llHTTPRequest() calls by rejecting those that have the X-SecondLife-Shard header.

If you need to enable this, set AllowHttpRequestIn = true in [Network] for all private services or individual [*Service] sections.

1 files changed, 2 insertions, 1 deletions

diff --git a/OpenSim/Framework/ServiceAuth/IServiceAuth.cs b/OpenSim/Framework/ServiceAuth/IServiceAuth.cs
index fdd97b2..adde62f 100644
--- a/OpenSim/Framework/ServiceAuth/IServiceAuth.cs
+++ b/OpenSim/Framework/ServiceAuth/IServiceAuth.cs
@@ -26,6 +26,7 @@
  */
 
 using System;
+using System.Net;
 using System.Collections.Generic;
 using System.Collections.Specialized;
 
@@ -36,7 +37,7 @@ namespace OpenSim.Framework.ServiceAuth
     public interface  IServiceAuth
     {
         bool Authenticate(string data);
-        bool Authenticate(NameValueCollection headers, AddHeaderDelegate d);
+        bool Authenticate(NameValueCollection headers, AddHeaderDelegate d, out HttpStatusCode statusCode);
         void AddAuthorization(NameValueCollection headers);
     }
 }