Changeset View
Changeset View
Standalone View
Standalone View
src/aphront/AphrontRequest.php
| Show First 20 Lines • Show All 348 Lines • ▼ Show 20 Lines | public function validateCSRF() { | ||||
| if (!$valid) { | if (!$valid) { | ||||
| // Add some diagnostic details so we can figure out if some CSRF issues | // Add some diagnostic details so we can figure out if some CSRF issues | ||||
| // are JS problems or people accessing Ajax URIs directly with their | // are JS problems or people accessing Ajax URIs directly with their | ||||
| // browsers. | // browsers. | ||||
| $info = array(); | $info = array(); | ||||
| $info[] = pht( | $info[] = pht( | ||||
| 'You are trying to save some data to Phabricator, but the request '. | 'You are trying to save some data to %s, but the request '. | ||||
| 'your browser made included an incorrect token. Reload the page '. | 'your browser made included an incorrect token. Reload the page '. | ||||
| 'and try again. You may need to clear your cookies.'); | 'and try again. You may need to clear your cookies.', | ||||
| PhabricatorPlatformSite::getName()); | |||||
| if ($this->isAjax()) { | if ($this->isAjax()) { | ||||
| $info[] = pht('This was an Ajax request.'); | $info[] = pht('This was an Ajax request.'); | ||||
| } else { | } else { | ||||
| $info[] = pht('This was a Web request.'); | $info[] = pht('This was a Web request.'); | ||||
| } | } | ||||
| if ($token) { | if ($token) { | ||||
| ▲ Show 20 Lines • Show All 214 Lines • ▼ Show 20 Lines | private function setCookieWithExpiration( | ||||
| $base_domain_uri = $this->getCookieDomainURI(); | $base_domain_uri = $this->getCookieDomainURI(); | ||||
| if (!$base_domain_uri) { | if (!$base_domain_uri) { | ||||
| $configured_as = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); | $configured_as = PhabricatorEnv::getEnvConfig('phabricator.base-uri'); | ||||
| $accessed_as = $this->getHost(); | $accessed_as = $this->getHost(); | ||||
| throw new AphrontMalformedRequestException( | throw new AphrontMalformedRequestException( | ||||
| pht('Bad Host Header'), | pht('Bad Host Header'), | ||||
| pht( | pht( | ||||
| 'This Phabricator install is configured as "%s", but you are '. | 'This %s install is configured as "%s", but you are '. | ||||
| 'using the domain name "%s" to access a page which is trying to '. | 'using the domain name "%s" to access a page which is trying to '. | ||||
| 'set a cookie. Access Phabricator on the configured primary '. | 'set a cookie. Access %s on the configured primary '. | ||||
| 'domain or a configured alternate domain. Phabricator will not '. | 'domain or a configured alternate domain. %s will not '. | ||||
| 'set cookies on other domains for security reasons.', | 'set cookies on other domains for security reasons.', | ||||
| PhabricatorPlatformSite::getName(), | |||||
| $configured_as, | $configured_as, | ||||
| $accessed_as), | $accessed_as, | ||||
| PhabricatorPlatformSite::getName(), | |||||
| PhabricatorPlatformSite::getName()), | |||||
| true); | true); | ||||
| } | } | ||||
| $base_domain = $base_domain_uri->getDomain(); | $base_domain = $base_domain_uri->getDomain(); | ||||
| $is_secure = ($base_domain_uri->getProtocol() == 'https'); | $is_secure = ($base_domain_uri->getProtocol() == 'https'); | ||||
| $name = $this->getPrefixedCookieName($name); | $name = $this->getPrefixedCookieName($name); | ||||
| ▲ Show 20 Lines • Show All 366 Lines • Show Last 20 Lines | |||||
Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0