diff options
author | Sebastian <sebasjm@gmail.com> | 2022-07-01 16:47:06 -0300 |
---|---|---|
committer | Sebastian <sebasjm@gmail.com> | 2022-07-01 16:47:06 -0300 |
commit | a3a854aedfb356782dfebfa039ebbf3158cf7161 (patch) | |
tree | 98e019049745c5c5f8dc651f444460374bcf9594 /src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c | |
parent | 6ca2a5cefe5e22340377a3dbb7c67512e51d61ba (diff) | |
download | merchant-a3a854aedfb356782dfebfa039ebbf3158cf7161.tar.gz merchant-a3a854aedfb356782dfebfa039ebbf3158cf7161.tar.bz2 merchant-a3a854aedfb356782dfebfa039ebbf3158cf7161.zip |
check X-Forwarded-Proto when constructing an URI, useful behind a reverse proxy
Diffstat (limited to 'src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c')
-rw-r--r-- | src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c index 3953fa06..8bd5b64f 100644 --- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c +++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c @@ -84,6 +84,8 @@ make_taler_refund_uri (struct MHD_Connection *connection, { const char *host; const char *forwarded_host; + const char *forwarded_proto; + bool proxy_says_https; const char *uri_path; struct GNUNET_Buffer buf = { 0 }; @@ -95,6 +97,13 @@ make_taler_refund_uri (struct MHD_Connection *connection, forwarded_host = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, "X-Forwarded-Host"); + forwarded_proto = MHD_lookup_connection_value (connection, + MHD_HEADER_KIND, + "X-Forwarded-Proto"); + proxy_says_https = ( (NULL != forwarded_proto) && + (0 == strcmp ("https", + forwarded_proto))) + uri_path = MHD_lookup_connection_value (connection, MHD_HEADER_KIND, "X-Forwarded-Prefix"); @@ -107,8 +116,13 @@ make_taler_refund_uri (struct MHD_Connection *connection, return NULL; } GNUNET_buffer_write_str (&buf, "taler"); - if (GNUNET_NO == TALER_mhd_is_https (connection)) - GNUNET_buffer_write_str (&buf, "+http"); + + if (GNUNET_NO == TALER_mhd_is_https (connection) && + ! proxy_says_https) + { + GNUNET_buffer_write_str (&buf, + "+http"); + } GNUNET_buffer_write_str (&buf, "://refund/"); GNUNET_buffer_write_str (&buf, host); if (NULL != uri_path) |