Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-49143

Host header validation is not applied consistently and doesn't whitelist IPv6 localhost address [::1]

    Details

      Description

      Steps to reproduce

      Test1:
      1, Start portal
      2, Navigate to http://[::1]:8080

      Expected result: portal is displayed
      Actual result: browser is redirected to localhost:8080

      Test 2:
      1, Map alpha.cz to 127.0.0.1 in the hosts file
      2, Sign in to portal
      3, Add Documents & Media portlet
      4, Upload a file
      5, Display the file details, example url (cleaned for better understanding): http://localhost:8080/?p_p_id=20&_20_struts_action=%2Fdocument_library%2Fview_file_entry&_20_fileEntryId=10522
      6, Replace localhost with alpha.cz, example: http://alpha.cz:8080/?p_p_id=20&_20_struts_action=%2Fdocument_library%2Fview_file_entry&_20_fileEntryId=10522
      7, Display HTML source of the page

      Expected result: alpha.cz is not present in the page HTML source
      Actual result: multiple occurences of "alpha" in the HTML

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              shitian.zhang Shitian "Shelton" Zhang (Inactive)
              Reporter:
              tomas.polesovsky Tomáš Polešovský
              Participants of an Issue:
              Recent user:
              Tibor Lipusz
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Days since last comment:
                6 years, 14 weeks, 3 days ago

                  Packages

                  Version Package
                  6.1.X EE
                  6.2.2 CE GA3
                  6.2.X EE
                  7.0.0 M3