diff options
author | Sebastian <sebasjm@gmail.com> | 2022-07-01 16:47:06 -0300 |
---|---|---|
committer | Sebastian <sebasjm@gmail.com> | 2022-07-01 16:47:06 -0300 |
commit | a3a854aedfb356782dfebfa039ebbf3158cf7161 (patch) | |
tree | 98e019049745c5c5f8dc651f444460374bcf9594 /src/backend/taler-merchant-httpd_get-tips-ID.c | |
parent | 6ca2a5cefe5e22340377a3dbb7c67512e51d61ba (diff) | |
download | merchant-a3a854aedfb356782dfebfa039ebbf3158cf7161.tar.gz merchant-a3a854aedfb356782dfebfa039ebbf3158cf7161.tar.bz2 merchant-a3a854aedfb356782dfebfa039ebbf3158cf7161.zip |
check X-Forwarded-Proto when constructing an URI, useful behind a reverse proxy
Diffstat (limited to 'src/backend/taler-merchant-httpd_get-tips-ID.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_get-tips-ID.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/src/backend/taler-merchant-httpd_get-tips-ID.c b/src/backend/taler-merchant-httpd_get-tips-ID.c index f427b168..e11ff0af 100644 --- a/src/backend/taler-merchant-httpd_get-tips-ID.c +++ b/src/backend/taler-merchant-httpd_get-tips-ID.c @@ -35,6 +35,8 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con, { const char *host; const char *forwarded_host; + const char *forwarded_proto; + bool proxy_says_https; const char *uri_path; struct GNUNET_Buffer buf = { 0 }; @@ -45,6 +47,14 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con, MHD_HEADER_KIND, "X-Forwarded-Host"); + forwarded_proto = MHD_lookup_connection_value (con, + MHD_HEADER_KIND, + "X-Forwarded-Proto"); + + proxy_says_https = ( (NULL != forwarded_proto) && + (0 == strcmp ("https", + forwarded_proto))) + uri_path = MHD_lookup_connection_value (con, MHD_HEADER_KIND, "X-Forwarded-Prefix"); @@ -62,9 +72,13 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con, GNUNET_buffer_write_str (&buf, "taler"); - if (GNUNET_NO == TALER_mhd_is_https (con)) + + if (GNUNET_NO == TALER_mhd_is_https (con) && + ! proxy_says_https) + { GNUNET_buffer_write_str (&buf, "+http"); + } GNUNET_buffer_write_str (&buf, "://tip/"); GNUNET_buffer_write_str (&buf, @@ -97,6 +111,8 @@ TMH_make_tip_status_url (struct MHD_Connection *con, { const char *host; const char *forwarded_host; + const char *forwarded_proto; + bool proxy_says_https; const char *uri_path; struct GNUNET_Buffer buf = { 0 }; @@ -107,6 +123,13 @@ TMH_make_tip_status_url (struct MHD_Connection *con, MHD_HEADER_KIND, "X-Forwarded-Host"); + forwarded_proto = MHD_lookup_connection_value (con, + MHD_HEADER_KIND, + "X-Forwarded-Proto"); + proxy_says_https = ( (NULL != forwarded_proto) && + (0 == strcmp ("https", + forwarded_proto))) + uri_path = MHD_lookup_connection_value (con, MHD_HEADER_KIND, "X-Forwarded-Prefix"); @@ -122,12 +145,17 @@ TMH_make_tip_status_url (struct MHD_Connection *con, GNUNET_assert (NULL != instance_id); GNUNET_assert (NULL != tip_id); - if (GNUNET_NO == TALER_mhd_is_https (con)) + if (GNUNET_NO == TALER_mhd_is_https (con) && + ! proxy_says_https) + { GNUNET_buffer_write_str (&buf, "http://"); + } else + { GNUNET_buffer_write_str (&buf, "https://"); + } GNUNET_buffer_write_str (&buf, host); if (NULL != uri_path) |