src/aphront/AphrontRequest.php
Show First 20 Lines • Show All 348 Lines • ▼ Show 20 Lines | public function validateCSRF() { | ||||
if (!$valid) { | if (!$valid) { | ||||
// Add some diagnostic details so we can figure out if some CSRF issues | // Add some diagnostic details so we can figure out if some CSRF issues | ||||
// are JS problems or people accessing Ajax URIs directly with their | // are JS problems or people accessing Ajax URIs directly with their | ||||
// browsers. | // browsers. | ||||
$info = array(); | $info = array(); | ||||
$info[] = pht( | $info[] = pht( | ||||
'You are trying to save some data to Phabricator, but the request '. | 'You are trying to save some data to %s, but the request '. | ||||
'your browser made included an incorrect token. Reload the page '. | 'your browser made included an incorrect token. Reload the page '. | ||||
'and try again. You may need to clear your cookies.'); | 'and try again. You may need to clear your cookies.', | ||||
PhabricatorPlatformSite::getName()); | |||||
if ($this->isAjax()) { | if ($this->isAjax()) { | ||||
$info[] = pht('This was an Ajax request.'); | $info[] = pht('This was an Ajax request.'); | ||||
} else { | } else { | ||||
$info[] = pht('This was a Web request.'); | $info[] = pht('This was a Web request.'); | ||||
} | } | ||||
if ($token) { | if ($token) { | ||||
▲ Show 20 Lines • Show All 214 Lines • ▼ Show 20 Lines | private function setCookieWithExpiration( | ||||
$base_domain_uri = $this->getCookieDomainURI(); | $base_domain_uri = $this->getCookieDomainURI(); | ||||
if (!$base_domain_uri) { | if (!$base_domain_uri) { | ||||
$configured_as = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); | $configured_as = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); | ||||
$accessed_as = $this->getHost(); | $accessed_as = $this->getHost(); | ||||
throw new AphrontMalformedRequestException( | throw new AphrontMalformedRequestException( | ||||
pht('Bad Host Header'), | pht('Bad Host Header'), | ||||
pht( | pht( | ||||
'This Phabricator install is configured as "%s", but you are '. | 'This %s install is configured as "%s", but you are '. | ||||
'using the domain name "%s" to access a page which is trying to '. | 'using the domain name "%s" to access a page which is trying to '. | ||||
'set a cookie. Access Phabricator on the configured primary '. | 'set a cookie. Access %s on the configured primary '. | ||||
'domain or a configured alternate domain. Phabricator will not '. | 'domain or a configured alternate domain. %s will not '. | ||||
'set cookies on other domains for security reasons.', | 'set cookies on other domains for security reasons.', | ||||
PhabricatorPlatformSite::getName(), | |||||
$configured_as, | $configured_as, | ||||
$accessed_as), | $accessed_as, | ||||
PhabricatorPlatformSite::getName(), | |||||
PhabricatorPlatformSite::getName()), | |||||
true); | true); | ||||
} | } | ||||
$base_domain = $base_domain_uri->getDomain(); | $base_domain = $base_domain_uri->getDomain(); | ||||
$is_secure = ($base_domain_uri->getProtocol() == 'https'); | $is_secure = ($base_domain_uri->getProtocol() == 'https'); | ||||
$name = $this->getPrefixedCookieName($name); | $name = $this->getPrefixedCookieName($name); | ||||
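Review bot: `PhabricatorPlatformSite::getName()` is evaluated three times inside the same `pht()` argument list in the setCookieWithExpiration hunk; hoisting it once, `$platform_name = PhabricatorPlatformSite::getName();` before the `throw`, and passing `$platform_name` for each of the three name placeholders reads more clearly and makes the placeholder-to-argument order (name, configured_as, accessed_as, name, name) easier to check against the five `%s` in the format string. The validateCSRF hunk has only one call, so it is fine as written, but the same local would serve it if more messages there adopt the platform name. The adjacent context line `$is_secure = ($base_domain_uri->getProtocol() == 'https');` is not touched by this commit, yet since the cookie Secure flag derives from it a strict `===` comparison would be the safer form. Both functions begin and end outside the shown range.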