[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-merchant] branch master updated: check X-Forwarded-Proto when con
From: |
gnunet |
Subject: |
[taler-merchant] branch master updated: check X-Forwarded-Proto when constructing an URI, useful behind a reverse proxy |
Date: |
Fri, 01 Jul 2022 21:47:14 +0200 |
This is an automated email from the git hooks/post-receive script.
sebasjm pushed a commit to branch master
in repository merchant.
The following commit(s) were added to refs/heads/master by this push:
new a3a854ae check X-Forwarded-Proto when constructing an URI, useful
behind a reverse proxy
a3a854ae is described below
commit a3a854aedfb356782dfebfa039ebbf3158cf7161
Author: Sebastian <sebasjm@gmail.com>
AuthorDate: Fri Jul 1 16:47:06 2022 -0300
check X-Forwarded-Proto when constructing an URI, useful behind a reverse
proxy
---
src/backend/taler-merchant-httpd_get-orders-ID.c | 16 ++++++++++-
src/backend/taler-merchant-httpd_get-tips-ID.c | 32 ++++++++++++++++++++--
...-merchant-httpd_private-post-orders-ID-refund.c | 18 ++++++++++--
.../taler-merchant-httpd_private-post-orders.c | 31 ++++++++++++++++-----
src/backend/taler-merchant-httpd_templating.c | 17 +++++++++++-
5 files changed, 101 insertions(+), 13 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c
b/src/backend/taler-merchant-httpd_get-orders-ID.c
index 910d53fc..02a4f743 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -377,6 +377,8 @@ TMH_make_order_status_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
/* Number of query parameters written so far */
@@ -388,6 +390,13 @@ TMH_make_order_status_url (struct MHD_Connection *con,
forwarded_host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -406,12 +415,17 @@ TMH_make_order_status_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != order_id);
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"http://");
+ }
else
+ {
GNUNET_buffer_write_str (&buf,
"https://");
+ }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_get-tips-ID.c
b/src/backend/taler-merchant-httpd_get-tips-ID.c
index f427b168..e11ff0af 100644
--- a/src/backend/taler-merchant-httpd_get-tips-ID.c
+++ b/src/backend/taler-merchant-httpd_get-tips-ID.c
@@ -35,6 +35,8 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -45,6 +47,14 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -62,9 +72,13 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
GNUNET_buffer_write_str (&buf,
"taler");
- if (GNUNET_NO == TALER_mhd_is_https (con))
+
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"+http");
+ }
GNUNET_buffer_write_str (&buf,
"://tip/");
GNUNET_buffer_write_str (&buf,
@@ -97,6 +111,8 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -107,6 +123,13 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -122,12 +145,17 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != tip_id);
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"http://");
+ }
else
+ {
GNUNET_buffer_write_str (&buf,
"https://");
+ }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
index 3953fa06..8bd5b64f 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -84,6 +84,8 @@ make_taler_refund_uri (struct MHD_Connection *connection,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -95,6 +97,13 @@ make_taler_refund_uri (struct MHD_Connection *connection,
forwarded_host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -107,8 +116,13 @@ make_taler_refund_uri (struct MHD_Connection *connection,
return NULL;
}
GNUNET_buffer_write_str (&buf, "taler");
- if (GNUNET_NO == TALER_mhd_is_https (connection))
- GNUNET_buffer_write_str (&buf, "+http");
+
+ if (GNUNET_NO == TALER_mhd_is_https (connection) &&
+ ! proxy_says_https)
+ {
+ GNUNET_buffer_write_str (&buf,
+ "+http");
+ }
GNUNET_buffer_write_str (&buf, "://refund/");
GNUNET_buffer_write_str (&buf, host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c
b/src/backend/taler-merchant-httpd_private-post-orders.c
index efaaf5a7..e0cba6a1 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -116,19 +116,39 @@ make_merchant_base_url (struct MHD_Connection *connection,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
- if (GNUNET_YES == TALER_mhd_is_https (connection))
- GNUNET_buffer_write_str (&buf, "https://");
- else
- GNUNET_buffer_write_str (&buf, "http://");
host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_HOST);
forwarded_host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
+ uri_path = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Prefix");
+
+ if (GNUNET_NO == TALER_mhd_is_https (connection) &&
+ ! proxy_says_https)
+ {
+ GNUNET_buffer_write_str (&buf,
+ "http://");
+ }
+ else
+ {
+ GNUNET_buffer_write_str (&buf,
+ "https://");
+ }
if (NULL != forwarded_host)
{
GNUNET_buffer_write_str (&buf,
@@ -140,9 +160,6 @@ make_merchant_base_url (struct MHD_Connection *connection,
GNUNET_buffer_write_str (&buf,
host);
}
- uri_path = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Prefix");
if (NULL != uri_path)
GNUNET_buffer_write_path (&buf, uri_path);
diff --git a/src/backend/taler-merchant-httpd_templating.c
b/src/backend/taler-merchant-httpd_templating.c
index 9d7766b9..3d76a023 100644
--- a/src/backend/taler-merchant-httpd_templating.c
+++ b/src/backend/taler-merchant-httpd_templating.c
@@ -121,6 +121,8 @@ make_static_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -130,6 +132,14 @@ make_static_url (struct MHD_Connection *con,
forwarded_host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
@@ -145,12 +155,17 @@ make_static_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"http://");
+ }
else
+ {
GNUNET_buffer_write_str (&buf,
"https://");
+ }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-merchant] branch master updated: check X-Forwarded-Proto when constructing an URI, useful behind a reverse proxy,
gnunet <=