Welcome Guest, Not a member yet? Register   Sign In
[split] CodeIgniter 3.0.3 and Windows
#1

(This post was last modified: 11-07-2015, 08:21 AM by ciadmin.)

Nice work on security... but my base_url gets detected as http://::1/webapp which doesn't work in my Win7/x64 using Chrome 46 when trying to access http://localhost/webapp

But, if I access as http://127.0.0.1/webapp the base_url gets detected as http://127.0.0.1/webapp  as it should, even if I try with the IP of the net (192.168.80.24) it gets resolved, and works!!

Is this a windows issue? or a CI one?

Anyway... thanks for the UPDATE !!
Reply
#2

(This post was last modified: 11-02-2015, 05:06 PM by rtorralba.)

(11-02-2015, 04:21 PM)pabloveliz Wrote: Nice work on security... but my base_url gets detected as http://::1/webapp which doesn't work in my Win7/x64 using Chrome 46 when trying to access http://localhost/webapp

But, if I access as http://127.0.0.1/webapp the base_url gets detected as http://127.0.0.1/webapp  as it should, even if I try with the IP of the net (192.168.80.24) it gets resolved, and works!!

Is this a windows issue? or a CI one?

Anyway... thanks for the UPDATE !!

Is not for windows, is for a change in a new release for a security improvement. https://www.codeigniter.com/user_guide/i...e_303.html
Greetings.
Reply
#3

(11-02-2015, 04:21 PM)pabloveliz Wrote: Nice work on security... but my base_url gets detected as http://::1/webapp which doesn't work in my Win7/x64 using Chrome 46 when trying to access http://localhost/webapp

But, if I access as http://127.0.0.1/webapp the base_url gets detected as http://127.0.0.1/webapp  as it should, even if I try with the IP of the net (192.168.80.24) it gets resolved, and works!!

Is this a windows issue? or a CI one?

Anyway... thanks for the UPDATE !!

I'm working on Windows and following this helped

Upgrading from 3.0.2 to 3.0.3
http://www.codeigniter.com/user_guide/in...-not-empty

PHP Code:
// Set the protocol
$protocol 'http://';
if ( isset( 
$_SERVER["HTTPS"] ) && strtolower$_SERVER["HTTPS"] ) == "on" ) {
 
   $protocol 'https://';
} else {
 
   $_SERVER['HTTPS'] = 'off';
}
// Set the base_url
$config['base_url'] = $protocol.$_SERVER['HTTP_HOST']; 
Reply
#4

@Martin7483
Do you know your code could allow Host header injection?

@pabloveliz
If you want to use http://localhost/, create config/development/config.php, and set the $config['base_url'].
Reply
#5

(11-03-2015, 02:46 AM)kenjis Wrote: @Martin7483
Do you know your code could allow Host header injection?

Ah, yes.

But I have this in my index.php
PHP Code:
/*
 *---------------------------------------------------------------
 * SANITIZE $_SERVER HTTP HOST
 *---------------------------------------------------------------
 *
 * Set a whitelist of allowed domains
 */
$default_domain 'mydomain.com';
$allowed_domains = array('mydomain.com');
if( ! 
in_array($_SERVER['HTTP_HOST'], $allowed_domains) ) {
 
   $_SERVER['HTTP_HOST'] = $default_domain;

Reply




Theme © iAndrew 2016 - Forum software by © MyBB