Path

ez projects / ggwebservices / forum / general / request header

Attention please: Due to restructuring legacy services, the eZ Projects service is going to be discontinued. All the current repositories will be migrated to a new platform. More details will be announced soon.

Request Header

You need to be logged in to post messages in the forums. New users may register here.

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Wednesday 03 April 2013 10:03:26 am

Hi,

thanks for sharing ggwebservice with the community, great work.

My current problem: I need information about the header of a webservice request, is there a way to process header information with ggwebservice? I am using a jsonrpc webservice and need the value of the "x-forwarded-for" header.

I would be appreciative for any advice, thanks.

Regards,
Stephan
Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Wednesday 03 April 2013 10:45:28 am

I will look into this when I have a bit of spare time...

Principal Consultant International Business
Member of the Community Project Board

Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Wednesday 03 April 2013 10:52:25 am

ps: it seems that is not very difficult.

While you wait for next release, you can patch the code as follows:

. patch the ggJSONRPCResponse::decodeStream method. http headers are its 3rd param. Save them to a member variable of the object

. add method ggJSONRPCResponse::responseHeaders which gives you back that variable

All in all, 4 lines of code :-)

Principal Consultant International Business
Member of the Community Project Board

Up

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Wednesday 03 April 2013 4:18:17 pm

Thanks for your fast answer, but I am not sure if response is the correct location.

You have the ability to use "ValidateClientIPs" and "ValidClientIPs", to secure the access to the webservices, if your site is behind a loadbalancer the client ip will always be the loadbalancer ip. So you have to check the "x-forwarded-for" header instead of the ip from incomming request.
My quick fix would be a check for that header in my initialize.php jsonrpc extension, on every method call.

I hope my problem will be more clearly now, sorry for any confusion.

Regards,
Stephan
Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Wednesday 03 April 2013 4:27:34 pm

Ah ok I see better now - you do not want to parse headers by hand but have ValidateClientIP work when behind a proxy.

This is also doable, but in a different place.

So now I have 2 feature requests on my hand ;-)

The fix would be to change the way that client IP validation is done, in file modules/webservices/execute.php

Note that ezsys class from eZ kernel has already a method to give you the client IP even when behind a proxy, starting with ezp 4.5

Principal Consultant International Business
Member of the Community Project Board

Up

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Wednesday 03 April 2013 5:00:08 pm

Thanks for the tip with the ezsys class, I found that note in there:

Note: X-Forwarded-For is transformed by PHP into $_SERVER['HTTP_X_FORWARDED_FOR']

So I can use this to check for a valid IP in your execute.php.
Up

Gaetano Giunta

Member since:
30 November 1999

Posts: 269

Monday 15 April 2013 3:25:22 pm

ps: I implemented both changes, currently in github.

Can you test the git master version, before I package it as rev. 0.14?

Principal Consultant International Business
Member of the Community Project Board

Up

Stephan Scholz

Member since:
03 April 2013

Posts: 4

Tuesday 14 January 2014 9:47:32 am

Sorry for my missing answer, looks good!

Thanks for your great work.
Up

You need to be logged in to post messages in the forums. New users may register here.