diff options
author | Richard van Nieuwenhoven <richard.vannieuwenhoven@adesso.at> | 2015-11-07 16:07:32 +0100 |
---|---|---|
committer | Richard van Nieuwenhoven <richard.vannieuwenhoven@adesso.at> | 2015-11-07 16:07:32 +0100 |
commit | d26a73b838da8c3966ee7e71a6c9d769cbe9cf60 (patch) | |
tree | 716b8f2b1630eee7ddfd7279e21e4bcd84c91572 | |
parent | 6bb307d2064fcae01fcbb06eb9f7c7f89ddc26ee (diff) | |
parent | 0f5ae0751dcaf3182ba094403debaf085b3ac58e (diff) | |
download | nanohttpd-d26a73b838da8c3966ee7e71a6c9d769cbe9cf60.tar.gz |
Merge pull request #248 from summershrimp/security-get-headers-first
Decode headers before write remote-addr
-rw-r--r-- | core/src/main/java/fi/iki/elonen/NanoHTTPD.java | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java index 906d435..16cc9c6 100644 --- a/core/src/main/java/fi/iki/elonen/NanoHTTPD.java +++ b/core/src/main/java/fi/iki/elonen/NanoHTTPD.java @@ -808,11 +808,6 @@ public abstract class NanoHTTPD { this.headers.clear(); } - if (null != this.remoteIp) { - this.headers.put("remote-addr", this.remoteIp); - this.headers.put("http-client-ip", this.remoteIp); - } - // Create a BufferedReader for parsing the header. BufferedReader hin = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(buf, 0, this.rlen))); @@ -820,6 +815,11 @@ public abstract class NanoHTTPD { Map<String, String> pre = new HashMap<String, String>(); decodeHeader(hin, pre, this.parms, this.headers); + if (null != this.remoteIp) { + this.headers.put("remote-addr", this.remoteIp); + this.headers.put("http-client-ip", this.remoteIp); + } + this.method = Method.lookup(pre.get("method")); if (this.method == null) { throw new ResponseException(Response.Status.BAD_REQUEST, "BAD REQUEST: Syntax error."); |