From cec276414051e99d704064799675f0504bd35cc1 Mon Sep 17 00:00:00 2001
From: Mark Payne <markap14@hotmail.com>
Date: Wed, 22 Nov 2017 09:56:09 -0500
Subject: [PATCH] NIFI-4632: Add the local hostname to the list of validated
 host headers

This closes #2288.

Signed-off-by: Andy LoPresto <alopresto.apache@gmail.com>
---
 .../java/org/apache/nifi/web/server/HostHeaderHandler.java | 7 +++++++
 .../nifi/web/server/HostHeaderSanitizationCustomizer.java  | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java
index 989d8d7fec..0b3a8bedd8 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderHandler.java
@@ -18,6 +18,7 @@ package org.apache.nifi.web.server;
 
 import java.io.IOException;
 import java.io.PrintWriter;
+import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
@@ -60,6 +61,12 @@ public class HostHeaderHandler extends ScopedHandler {
         validHosts.add("localhost:" + serverPort);
         // Different from customizer -- empty is ok here
         validHosts.add("");
+        try {
+            validHosts.add(InetAddress.getLocalHost().getHostName());
+            validHosts.add(InetAddress.getLocalHost().getHostName() + ":" + serverPort);
+        } catch (final Exception e) {
+            logger.warn("Failed to determine local hostname.", e);
+        }
 
         logger.info("Created " + this.toString());
     }
diff --git a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderSanitizationCustomizer.java b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderSanitizationCustomizer.java
index 9d55d71816..5a10610246 100644
--- a/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderSanitizationCustomizer.java
+++ b/nifi-nar-bundles/nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/HostHeaderSanitizationCustomizer.java
@@ -16,6 +16,7 @@
  */
 package org.apache.nifi.web.server;
 
+import java.net.InetAddress;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
@@ -53,6 +54,12 @@ public class HostHeaderSanitizationCustomizer implements HttpConfiguration.Custo
         // Sometimes the hostname is left empty but the port is always populated
         validHosts.add("localhost");
         validHosts.add("localhost:" + serverPort);
+        try {
+            validHosts.add(InetAddress.getLocalHost().getHostName());
+            validHosts.add(InetAddress.getLocalHost().getHostName() + ":" + serverPort);
+        } catch (final Exception e) {
+            logger.warn("Failed to determine local hostname.", e);
+        }
 
         logger.info("Created " + this.toString());
     }