Detect subrequests and internal redirects.

author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Tue, 4 Dec 2007 05:07:49 +0000 (05:07 +0000)

committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>

Tue, 4 Dec 2007 05:07:49 +0000 (05:07 +0000)
author cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Tue, 4 Dec 2007 05:07:49 +0000 (05:07 +0000)
committer cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
Tue, 4 Dec 2007 05:07:49 +0000 (05:07 +0000)
diff --git a/nsapi_shib/nsapi_shib.cpp b/nsapi_shib/nsapi_shib.cpp

index 29b80ab..962499f 100644 (file)
--- a/nsapi_shib/nsapi_shib.cpp
+++ b/nsapi_shib/nsapi_shib.cpp
@@ -214,7 +214,7 @@ public:
      qstr = pblock_findval("auth-type", rq->vars);
      if (qstr && !strcmp(qstr, "shibboleth"))
          m_firsttime = false;
-    if (!m_firsttime)
+    if (!m_firsttime || rq->orig_rq)
          log(SPDebug, "nsapi_shib function running more than once");
    }
    ~ShibTargetNSAPI() { }
@@ -287,7 +287,7 @@ public:
      }
    }
    void clearHeader(const char* rawname, const char* cginame) {
-    if (m_firsttime && g_checkSpoofing) {
+    if (g_checkSpoofing && m_firsttime && !m_rq->orig_rq) {
          if (m_allhttp.empty()) {
              // Populate the set of client-supplied headers for spoof checking.
              const pb_entry* entry;
author	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Tue, 4 Dec 2007 05:07:49 +0000 (05:07 +0000)
committer	cantor <cantor@cb58f699-b61c-0410-a6fe-9272a202ed29>
	Tue, 4 Dec 2007 05:07:49 +0000 (05:07 +0000)