authorSebastian <sebasjm@gmail.com>2022-07-01 16:47:06 -0300
committerSebastian <sebasjm@gmail.com>2022-07-01 16:47:06 -0300
commita3a854aedfb356782dfebfa039ebbf3158cf7161 (patch)
tree98e019049745c5c5f8dc651f444460374bcf9594 /src/backend
parent6ca2a5cefe5e22340377a3dbb7c67512e51d61ba (diff)
check X-Forwarded-Proto when constructing a URI, useful behind a reverse proxy
Diffstat (limited to 'src/backend')
-rw-r--r--src/backend/taler-merchant-httpd_get-orders-ID.c16
-rw-r--r--src/backend/taler-merchant-httpd_get-tips-ID.c32
-rw-r--r--src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c18
-rw-r--r--src/backend/taler-merchant-httpd_private-post-orders.c31
-rw-r--r--src/backend/taler-merchant-httpd_templating.c17
5 files changed, 101 insertions, 13 deletions
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
index 910d53fc..02a4f743 100644
--- a/src/backend/taler-merchant-httpd_get-orders-ID.c
+++ b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -377,6 +377,8 @@ TMH_make_order_status_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
/* Number of query parameters written so far */
@@ -388,6 +390,13 @@ TMH_make_order_status_url (struct MHD_Connection *con,
forwarded_host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
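Review bot: The new assignment to `proxy_says_https` ends at `forwarded_proto)))` with no terminating `;`, so it runs into the following `uri_path = ...` statement and the file will not compile as shown. The last added line should read `forwarded_proto)));`. The same omission is visible in the copies added to TMH_make_taler_tip_uri, TMH_make_tip_status_url, make_taler_refund_uri, make_merchant_base_url and make_static_url. The body of TMH_make_order_status_url continues outside this hunk.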
@@ -406,12 +415,17 @@ TMH_make_order_status_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != order_id);
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"http://");
+ }
else
+ {
GNUNET_buffer_write_str (&buf,
"https://");
+ }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
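Review bot: The scheme test `if (GNUNET_NO == TALER_mhd_is_https (con) && ! proxy_says_https)` honours `X-Forwarded-Proto` on every request, and nothing visible in the hunk ties the header to a connection from a known reverse proxy. Because the flag is only OR-ed in, a header supplied by a direct client can switch the generated URL to `https://` but never downgrade it, so the exposure is limited to wrong links on a backend that is also reachable over plain HTTP. I would state that assumption above the test, e.g. `/* only meaningful if the reverse proxy sets or strips X-Forwarded-Proto; a direct client can send it too */`, and note the proxy requirement in the deployment documentation. The same consideration applies to the other five functions changed in this commit.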
diff --git a/src/backend/taler-merchant-httpd_get-tips-ID.c b/src/backend/taler-merchant-httpd_get-tips-ID.c
index f427b168..e11ff0af 100644
--- a/src/backend/taler-merchant-httpd_get-tips-ID.c
+++ b/src/backend/taler-merchant-httpd_get-tips-ID.c
@@ -35,6 +35,8 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -45,6 +47,14 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
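Review bot: `strcmp ("https", forwarded_proto)` accepts only the exact lower-case string, so a front end that sends `HTTPS` is treated as plain HTTP and this function would emit a `taler+http://` URI for a TLS-terminated deployment. URI scheme names are case-insensitive, so the comparison would be more robust as `(0 == strcasecmp ("https", forwarded_proto))`. Whether list values from chained proxies need handling depends on the proxies in use and cannot be judged from the hunk. The same comparison is repeated in every copy of this block in the commit.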
@@ -62,9 +72,13 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
GNUNET_buffer_write_str (&buf,
"taler");
- if (GNUNET_NO == TALER_mhd_is_https (con))
+
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"+http");
+ }
GNUNET_buffer_write_str (&buf,
"://tip/");
GNUNET_buffer_write_str (&buf,
@@ -97,6 +111,8 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -107,6 +123,13 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -122,12 +145,17 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != tip_id);
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"http://");
+ }
else
+ {
GNUNET_buffer_write_str (&buf,
"https://");
+ }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
index 3953fa06..8bd5b64f 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -84,6 +84,8 @@ make_taler_refund_uri (struct MHD_Connection *connection,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -95,6 +97,13 @@ make_taler_refund_uri (struct MHD_Connection *connection,
forwarded_host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -107,8 +116,13 @@ make_taler_refund_uri (struct MHD_Connection *connection,
return NULL;
}
GNUNET_buffer_write_str (&buf, "taler");
- if (GNUNET_NO == TALER_mhd_is_https (connection))
- GNUNET_buffer_write_str (&buf, "+http");
+
+ if (GNUNET_NO == TALER_mhd_is_https (connection) &&
+ ! proxy_says_https)
+ {
+ GNUNET_buffer_write_str (&buf,
+ "+http");
+ }
GNUNET_buffer_write_str (&buf, "://refund/");
GNUNET_buffer_write_str (&buf, host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
index efaaf5a7..e0cba6a1 100644
--- a/src/backend/taler-merchant-httpd_private-post-orders.c
+++ b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -116,19 +116,39 @@ make_merchant_base_url (struct MHD_Connection *connection,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
- if (GNUNET_YES == TALER_mhd_is_https (connection))
- GNUNET_buffer_write_str (&buf, "https://");
- else
- GNUNET_buffer_write_str (&buf, "http://");
host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_HOST);
forwarded_host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
+ uri_path = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Prefix");
+
+ if (GNUNET_NO == TALER_mhd_is_https (connection) &&
+ ! proxy_says_https)
+ {
+ GNUNET_buffer_write_str (&buf,
+ "http://");
+ }
+ else
+ {
+ GNUNET_buffer_write_str (&buf,
+ "https://");
+ }
if (NULL != forwarded_host)
{
GNUNET_buffer_write_str (&buf,
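Review bot: Six functions across five files now carry the same `X-Forwarded-Proto` lookup, comparison and scheme test, so any later change to the policy (header name, comparison, a trusted-proxy check) has to be made six times. A single shared helper that answers "should this request be treated as HTTPS" would keep that in one place; if `TALER_mhd_is_https` does not already consult the header, it may be the natural home for the logic. The sketch below uses a placeholder name and would need a declaration in a header these files share. The body of make_merchant_base_url continues past this hunk.

```c
/* placeholder name; one definition shared by all URL builders */
bool
request_uses_https (struct MHD_Connection *connection)
{
  const char *forwarded_proto;

  if (GNUNET_NO != TALER_mhd_is_https (connection))
    return true;
  forwarded_proto = MHD_lookup_connection_value (connection,
                                                 MHD_HEADER_KIND,
                                                 "X-Forwarded-Proto");
  return (NULL != forwarded_proto) &&
         (0 == strcmp ("https",
                       forwarded_proto));
}

/* … unchanged: Host, X-Forwarded-Host and X-Forwarded-Prefix lookups … */
  if (request_uses_https (connection))
    GNUNET_buffer_write_str (&buf,
                             "https://");
  else
    GNUNET_buffer_write_str (&buf,
                             "http://");
```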
@@ -140,9 +160,6 @@ make_merchant_base_url (struct MHD_Connection *connection,
GNUNET_buffer_write_str (&buf,
host);
}
- uri_path = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Prefix");
if (NULL != uri_path)
GNUNET_buffer_write_path (&buf, uri_path);
diff --git a/src/backend/taler-merchant-httpd_templating.c b/src/backend/taler-merchant-httpd_templating.c
index 9d7766b9..3d76a023 100644
--- a/src/backend/taler-merchant-httpd_templating.c
+++ b/src/backend/taler-merchant-httpd_templating.c
@@ -121,6 +121,8 @@ make_static_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
+ const char *forwarded_proto;
+ bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -130,6 +132,14 @@ make_static_url (struct MHD_Connection *con,
forwarded_host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
+ forwarded_proto = MHD_lookup_connection_value (con,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Proto");
+
+ proxy_says_https = ( (NULL != forwarded_proto) &&
+ (0 == strcmp ("https",
+ forwarded_proto)))
+
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
@@ -145,12 +155,17 @@ make_static_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
- if (GNUNET_NO == TALER_mhd_is_https (con))
+ if (GNUNET_NO == TALER_mhd_is_https (con) &&
+ ! proxy_says_https)
+ {
GNUNET_buffer_write_str (&buf,
"http://");
+ }
else
+ {
GNUNET_buffer_write_str (&buf,
"https://");
+ }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)