Commit ddb6dbf4 authored by Marcin Siodelski's avatar Marcin Siodelski Committed by Tomek Mrugalski
Browse files

[#360,!305] Host header is included in all HA exchanges.

parent 5276c091
......@@ -756,7 +756,8 @@ HAService::asyncSendLeaseUpdate(const QueryPtrType& query,
const ParkingLotHandlePtr& parking_lot) {
// Create HTTP/1.1 request including our command.
PostHttpRequestJsonPtr request = boost::make_shared<PostHttpRequestJson>
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11());
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11(),
HostHttpHeader(config->getUrl().getHostname()));
request->setBodyAsJson(command);
request->finalize();
......@@ -917,7 +918,8 @@ HAService::asyncSendHeartbeat() {
// Create HTTP/1.1 request including our command.
PostHttpRequestJsonPtr request = boost::make_shared<PostHttpRequestJson>
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11());
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11(),
HostHttpHeader(partner_config->getUrl().getHostname()));
request->setBodyAsJson(CommandCreator::createHeartbeat(server_type_));
request->finalize();
......@@ -1030,7 +1032,8 @@ HAService::asyncDisableDHCPService(HttpClient& http_client,
// Create HTTP/1.1 request including our command.
PostHttpRequestJsonPtr request = boost::make_shared<PostHttpRequestJson>
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11());
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11(),
HostHttpHeader(remote_config->getUrl().getHostname()));
request->setBodyAsJson(CommandCreator::createDHCPDisable(max_period,
server_type_));
......@@ -1098,7 +1101,8 @@ HAService::asyncEnableDHCPService(HttpClient& http_client,
// Create HTTP/1.1 request including our command.
PostHttpRequestJsonPtr request = boost::make_shared<PostHttpRequestJson>
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11());
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11(),
HostHttpHeader(remote_config->getUrl().getHostname()));
request->setBodyAsJson(CommandCreator::createDHCPEnable(server_type_));
request->finalize();
......@@ -1225,7 +1229,8 @@ HAService::asyncSyncLeasesInternal(http::HttpClient& http_client,
// Create HTTP/1.1 request including our command.
PostHttpRequestJsonPtr request = boost::make_shared<PostHttpRequestJson>
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11());
(HttpRequest::Method::HTTP_POST, "/", HttpVersion::HTTP_11(),
HostHttpHeader(partner_config->getUrl().getHostname()));
if (server_type_ == HAServerType::DHCPv4) {
request->setBodyAsJson(CommandCreator::createLease4GetPage(
boost::dynamic_pointer_cast<Lease4>(last_lease), config_->getSyncPageLimit()));
......
......@@ -336,6 +336,24 @@ private:
// Remember the request received.
requests_.push_back(request_json);
// The request must always contain non-empty Host header.
bool invalid_host = false;
try {
auto host_hdr = request_json->getHeader("Host");
if (host_hdr->getValue().empty()) {
invalid_host = true;
}
} catch (...) {
// Host header does not exist.
invalid_host = true;
}
// If invalid host then return Bad Request.
if (invalid_host) {
return (createStockHttpResponse(request, HttpStatusCode::BAD_REQUEST));
}
int control_result = -1;
ElementPtr arguments;
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment