From ca540a730c0b880922e86074f994a95b8d413bea Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 13 Oct 2019 10:37:32 +0200 Subject: Merging upstream version 1.18.0. Signed-off-by: Daniel Baumann --- web/server/web_client.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'web/server/web_client.c') diff --git a/web/server/web_client.c b/web/server/web_client.c index 908e3a6a9..53a5944ce 100644 --- a/web/server/web_client.c +++ b/web/server/web_client.c @@ -791,7 +791,7 @@ static inline char *http_header_parse(struct web_client *w, char *s, int parse_u w->auth_bearer_token = strdupz(v); } else if(hash == hash_host && !strcasecmp(s, "Host")){ - strncpyz(w->host, v, (ve - v)); + strncpyz(w->server_host, v, ((size_t)(ve - v) < sizeof(w->server_host)-1 ? (size_t)(ve - v) : sizeof(w->server_host)-1)); } #ifdef NETDATA_WITH_ZLIB else if(hash == hash_accept_encoding && !strcasecmp(s, "Accept-Encoding")) { @@ -1147,8 +1147,8 @@ static inline void web_client_send_http_header(struct web_client *w) { char headerbegin[8328]; if (w->response.code == HTTP_RESP_MOVED_PERM) { memcpy(headerbegin,"\r\nLocation: https://",20); - size_t headerlength = strlen(w->host); - memcpy(&headerbegin[20],w->host,headerlength); + size_t headerlength = strlen(w->server_host); + memcpy(&headerbegin[20],w->server_host,headerlength); headerlength += 20; size_t tmp = strlen(w->last_url); memcpy(&headerbegin[headerlength],w->last_url,tmp); @@ -1212,7 +1212,7 @@ static inline void web_client_send_http_header(struct web_client *w) { if(w->mode == WEB_CLIENT_MODE_OPTIONS) { buffer_strcat(w->response.header_output, "Access-Control-Allow-Methods: GET, OPTIONS\r\n" - "Access-Control-Allow-Headers: accept, x-requested-with, origin, content-type, cookie, pragma, cache-control\r\n" + "Access-Control-Allow-Headers: accept, x-requested-with, origin, content-type, cookie, pragma, cache-control, x-auth-token\r\n" "Access-Control-Max-Age: 1209600\r\n" // 86400 * 14 ); } -- cgit v1.2.3