From 08e6ea31de02101c724a379c4764a9e635bc8c18 Mon Sep 17 00:00:00 2001 From: Gerasimos Maropoulos Date: Sat, 30 Jul 2016 17:24:12 +0300 Subject: [PATCH] Add a better check for domain persistance on sessions - add the community members names who helped on website & logo on README --- .gitignore | 1 + README.md | 7 +++++-- context.go | 1 + sessions.go | 37 ++++++++++++++++++++++++++++++------- 4 files changed, 37 insertions(+), 9 deletions(-) diff --git a/.gitignore b/.gitignore index 1248133f..6233f8d8 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +IrisProject.komodoproject .project .idea .git diff --git a/README.md b/README.md index b353b89c..262dd9e3 100644 --- a/README.md +++ b/README.md @@ -58,9 +58,12 @@ If you'd like to discuss this package, or ask questions about it, feel free to * Post an issue or idea [here](https://github.com/kataras/iris/issues). * [Chat][Chat]. -Iris takes very seriously your opinion, -- [Contribute: New website and logo for Iris](https://github.com/kataras/iris/issues/153) +New website-docs & logo have been designed by the community[*](https://github.com/kataras/iris/issues/153) + +- Website created by [@kujtimiihoxha](https://github.com/kujtimiihoxha) +- Logo designed by [@OneebMalik](https://github.com/OneebMalik) + Features ------------ diff --git a/context.go b/context.go index fd793167..866ca089 100644 --- a/context.go +++ b/context.go @@ -569,6 +569,7 @@ func (ctx *Context) TemplateString(name string, binding interface{}, options ... // HTML writes html string with a http status func (ctx *Context) HTML(status int, htmlContents string) { if err := ctx.RenderWithStatus(status, contentHTML, htmlContents); err != nil { + // if no response engine found for text/html ctx.SetContentType(contentHTML + "; charset=" + ctx.framework.Config.Charset) ctx.RequestCtx.SetStatusCode(status) ctx.RequestCtx.WriteString(htmlContents) diff --git a/sessions.go b/sessions.go index 06fd5b68..07e4094f 100644 --- a/sessions.go +++ b/sessions.go 
@@ -3,6 +3,7 @@ package iris
 import (
 "container/list"
 "encoding/base64"
+ "strconv"
 "strings"
 "sync"
 "time"
@@ -294,6 +295,34 @@ func (m *sessionsManager) generateSessionID() string {
 return base64.URLEncoding.EncodeToString(utils.Random(32))
 }
 
+func domainCanPersistence(requestDomain string) bool {
+ if requestDomain == "0.0.0.0" || requestDomain == "127.0.0.1" {
+ // for these type of hosts, we can't allow subdomains persistance,
+ // the web browser doesn't understand the mysubdomain.0.0.0.0 and mysubdomain.127.0.0.1 mysubdomain.32.196.56.181. as scorrectly ubdomains because of the many dots
+ // so don't set a cookie domain here, let browser handle this
+ return false
+ }
+
+ dotLen := strings.Count(requestDomain, ".")
+ if dotLen == 0 {
+ // we don't have a domain, maybe something like 'localhost', browser doesn't see the .localhost as wildcard subdomain+domain
+ return false
+ }
+ if dotLen >= 3 {
+ if lastDotIdx := strings.LastIndexByte(requestDomain, '.'); lastDotIdx != -1 {
+ // chekc the last part, if it's number then propably it's ip
+ if len(requestDomain) > lastDotIdx+1 {
+ _, err := strconv.Atoi(requestDomain[lastDotIdx+1:])
+ if err == nil {
+ return false
+ }
+ }
+ }
+ }
+
+ return true
+}
+
 // Start starts the session
 func (m *sessionsManager) start(ctx *Context) *session {
 var session *session
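Review bot: The `if requestDomain == "0.0.0.0" || requestDomain == "127.0.0.1"` guard at the top of domainCanPersistence is redundant with the `if dotLen >= 3` block below it — both literals have three dots and a numeric last label, so they already return false there — while the dot-counting heuristic still misses IPv6 literals. Replacing both branches with `if net.ParseIP(requestDomain) != nil { return false }` rejects every IP literal in one check, with the import hunk above adding `net` instead of `strconv`; the caller in start strips `:port` before this function runs, and how it treats an IPv6 host is outside this hunk. The function also has no doc comment; suggest `// domainCanPersistence reports whether requestDomain (host without port) may be used as a cookie Domain attribute; IP literals and dot-less hosts such as localhost are rejected.` A two-label host is accepted without any public-suffix check, so whether the session cookie could end up scoped wider than intended depends on how start derives the Domain value, which is not visible here. The added comments carry typos (`chekc`, `propably`, `scorrectly ubdomains`) worth fixing while touching them.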
@@ -313,13 +342,7 @@ func (m *sessionsManager) start(ctx *Context) *session {
 if portIdx := strings.IndexByte(requestDomain, ':'); portIdx > 0 {
 requestDomain = requestDomain[0:portIdx]
 }
-
- if requestDomain == "0.0.0.0" || requestDomain == "127.0.0.1" {
- // for these type of hosts, we can't allow subdomains persistance,
- // the web browser doesn't understand the mysubdomain.0.0.0.0 and mysubdomain.127.0.0.1 as scorrectly ubdomains because of the many dots
- // so don't set a domain here
-
- } else if strings.Count(requestDomain, ".") > 0 { // there is a problem with .localhost setted as the domain, so we check that first
+ if domainCanPersistence(requestDomain) {
 // RFC2109, we allow level 1 subdomains, but no further
 // if we have localhost.com , we want the localhost.com.