Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Cookie issue when sending request to external app

kureikainkureikain
edited August 2010 in Vanilla 2.0 - 2.8
ProxyConnect will send request to authentication page to get information,
It uses ProxyRequest function, (Line 1005 in functions.general.php)
$Handler = curl_init();
curl_setopt($Handler, CURLOPT_URL, $Url);
curl_setopt($Handler, CURLOPT_PORT, $Port);
curl_setopt($Handler, CURLOPT_HEADER, 0);
curl_setopt($Handler, CURLOPT_RETURNTRANSFER, 1);

But the problem is USER_AGENT is not set!
Some external app(such as Kohana), use user agent to validate cookie!

So, you need to add
curl_setopt($Handler, CURLOPT_USERAGENT, $_SERVER['HTTP_USER_AGENT'])
to set user agent!

If you don't set, cookie will become invalid in external app, and of course, nothing return!
This thing should be add to next verison of proxy connect!

Comments

  • TimTim Vanilla Staff
    This will be in Vanilla v2.0.1

    Thanks for the report!

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • eleitheleith New
    i needed something like this as well, and modified Vanilla's ProxyRequest function in library/core/functions.general.php, look for this line: 
    //."User-Agent: Vanilla/2.0\r\n"
    modify the user-agent to be the user-agent of the request: 
    $Header = "GET $Path?$Query HTTP/1.1\r\n"
                ."Host: {$HostHeader}\r\n"
                // If you've got basic authentication enabled for the app, you're going to need to explicitly define the user/pass for this fsock call
                // "Authorization: Basic ". base64_encode ("username:password")."\r\n" . 
                ."User-Agent: " . $_SERVER['HTTP_USER_AGENT']."\r\n"
                //."User-Agent: Vanilla/2.0\r\n"
                ."Accept: */*\r\n"
                ."Accept-Charset: utf-8;\r\n"
                ."Referer: {$Referer}\r\n"
                ."Connection: close\r\n";
    now everything that is proxied by vanilla will contain the request's user agent.
  • TimTim Vanilla Staff
    edited August 2010
    Not bad, but a safer way is probably more like

    'User-Agent' => ArrayValue('HTTP_USER_AGENT', $_SERVER, 'Vanilla/2.0'),due to how fickle the $_SERVER array is, and that in the future it will be possible to call Vanilla from the command line. Anyways, 2.0.1 ;)

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • eleitheleith New
    vanilla 2.0.1 now has this builtin. it works, and best of all, i'm now running a completely unmodified vanilla forum.

    my proxyconnector still has some modifications, but looks like @tim's got a nice update 1.5 planned in the future.

    i'm worried i might have trouble upgrading though, because one of my hacks made it so that my uniqueID was used instead of email for the foreignkey.
  • TimTim Vanilla Staff
    That's a switch in the new ProxyConnect. You'll be able to set a flag in the config file to decide whether to use Email or UniqueID.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • eleitheleith New
    @tim, niiice. it's like you want people to have their cake and EAT it to.
Sign In or Register to comment.