Banshee CSRF error - suggestion

Pjotrek
28 September 2014, 13:46

Hiawatha version: 9.7
Operating System: Raspbian (Debian clone for Raspberry Pi)

Hi Hugo!

I am running a Hiawatha web server with Banshee on the credit-card-sized
Raspberry Pi computer. It is externally accessible via a port forwarding
rule in the router, the dynamic IP of the router handled by dyndns.org.
To simplify the server address, it can be reached via a CNAME record from
my site at a web hotel.
This leads to a rather complicated chain of redirections:
aserver.mysite.com =>(CNAME) bserver.dyndns.org
bserver.dyndns.org =>(Webhop) cdir.dserver.dyndns.org:65535
Banshee does not like this, and gives me a CSRF error when I want to log in.

However, I solved this with two changes:
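In website.conf I added a line:
    WEBSITE_ALIASES = cdir.dserver.dyndns.org, bserver.dyndns.org, aserver.mysite.com
In security.php I added after line 64:
    if (defined("WEBSITE_ALIASES") && (WEBSITE_ALIASES != "")) {
        // Split the comma-separated list and trim the whitespace around each hostname.
        // (str_replace() treats "\w" as a literal string, so it stripped nothing.)
        $website_aliases = array_map("trim", explode(",", WEBSITE_ALIASES));
        $valid_hostnames = array_merge($valid_hostnames, $website_aliases);
    }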

Maybe someone else can be helped by this?
(Of course, all server, dir and port names are cloaked here)

Best regards, and thanks for the nice systems,
Peter Kling
Sweden

Hugo Leisink
30 September 2014, 08:42

What you can try is to make the hostname that's used in the browser the first hostname in your webserver configuration. The first hostname will be used for the HTTP_HOST CGI environment variable which Banshee uses to check for a CSRF attack (by matching it with HTTP_REFERER).
This topic has been closed.
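
The Referer-against-hostname check discussed in this thread, as an added example that is not part of the original posts and is not Banshee's own code. The function names are hypothetical, the hostnames are the cloaked ones from the first post, and rejecting a missing Referer is this example's own policy choice.

```php
<?php
// Added example; not Banshee's security.php. All function names are hypothetical.

// Turn a comma-separated alias setting into a clean list of lowercase hostnames.
function parse_aliases($setting) {
    $hosts = array_map("trim", explode(",", strtolower($setting)));
    return array_values(array_filter($hosts, "strlen"));   // drop empty entries
}

// Lowercase a Host header value and strip an optional :port suffix.
function normalise_host($host) {
    return strtolower(preg_replace('/:\d+$/', "", trim($host)));
}

// True only when the Referer's hostname is exactly one of the accepted hostnames.
function referer_is_trusted($referer, $http_host, array $aliases) {
    $valid = array_merge(array(normalise_host($http_host)), $aliases);
    $ref_host = parse_url($referer, PHP_URL_HOST);
    if (is_string($ref_host) == false) {
        return false;   // missing or unparsable Referer (this example's policy)
    }
    // Exact comparison: a substring or suffix test would accept look-alike names.
    return in_array(strtolower($ref_host), $valid, true);
}

// Constructed sample values, using the cloaked names from the post.
$aliases   = parse_aliases("cdir.dserver.dyndns.org, bserver.dyndns.org, aserver.mysite.com");
$http_host = "cdir.dserver.dyndns.org:65535";

$samples = array(
    "http://aserver.mysite.com/login",              // alias: accepted
    "http://BSERVER.dyndns.org:65535/login",        // case and port differ: accepted
    "http://aserver.mysite.com.attacker.example/",  // look-alike hostname: rejected
    "",                                             // no Referer: rejected
);
foreach ($samples as $referer) {
    $verdict = referer_is_trusted($referer, $http_host, $aliases) ? "accepted" : "rejected";
    printf("%-46s %s\n", $referer, $verdict);
}
```

Every alias added to the list widens the set of origins the login form trusts, so the list should contain only hostnames that actually front this server.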