commit 3408486b5ba1752e589bec2ba592dcdb638c8be9
parent a3a854aedfb356782dfebfa039ebbf3158cf7161
Author: Sebastian <sebasjm@gmail.com>
Date: Fri, 1 Jul 2022 19:05:12 -0300
Revert "check X-Forwarded-Proto when constructing an URI, useful behind a reverse proxy"
This reverts commit a3a854aedfb356782dfebfa039ebbf3158cf7161.
This check is already done in TALER_mhd_is_https in the exchange repo
Diffstat:
5 files changed, 13 insertions(+), 101 deletions(-)
diff --git a/src/backend/taler-merchant-httpd_get-orders-ID.c b/src/backend/taler-merchant-httpd_get-orders-ID.c
@@ -377,8 +377,6 @@ TMH_make_order_status_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
- const char *forwarded_proto;
- bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
/* Number of query parameters written so far */
@@ -390,13 +388,6 @@ TMH_make_order_status_url (struct MHD_Connection *con,
forwarded_host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
- forwarded_proto = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "X-Forwarded-Proto");
- proxy_says_https = ( (NULL != forwarded_proto) &&
- (0 == strcmp ("https",
- forwarded_proto)))
-
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -415,17 +406,12 @@ TMH_make_order_status_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != order_id);
- if (GNUNET_NO == TALER_mhd_is_https (con) &&
- ! proxy_says_https)
- {
+ if (GNUNET_NO == TALER_mhd_is_https (con))
GNUNET_buffer_write_str (&buf,
"http://");
- }
else
- {
GNUNET_buffer_write_str (&buf,
"https://");
- }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_get-tips-ID.c b/src/backend/taler-merchant-httpd_get-tips-ID.c
@@ -35,8 +35,6 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
- const char *forwarded_proto;
- bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -47,14 +45,6 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
- forwarded_proto = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "X-Forwarded-Proto");
-
- proxy_says_https = ( (NULL != forwarded_proto) &&
- (0 == strcmp ("https",
- forwarded_proto)))
-
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -72,13 +62,9 @@ TMH_make_taler_tip_uri (struct MHD_Connection *con,
GNUNET_buffer_write_str (&buf,
"taler");
-
- if (GNUNET_NO == TALER_mhd_is_https (con) &&
- ! proxy_says_https)
- {
+ if (GNUNET_NO == TALER_mhd_is_https (con))
GNUNET_buffer_write_str (&buf,
"+http");
- }
GNUNET_buffer_write_str (&buf,
"://tip/");
GNUNET_buffer_write_str (&buf,
@@ -111,8 +97,6 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
- const char *forwarded_proto;
- bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -123,13 +107,6 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
- forwarded_proto = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "X-Forwarded-Proto");
- proxy_says_https = ( (NULL != forwarded_proto) &&
- (0 == strcmp ("https",
- forwarded_proto)))
-
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -145,17 +122,12 @@ TMH_make_tip_status_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
GNUNET_assert (NULL != tip_id);
- if (GNUNET_NO == TALER_mhd_is_https (con) &&
- ! proxy_says_https)
- {
+ if (GNUNET_NO == TALER_mhd_is_https (con))
GNUNET_buffer_write_str (&buf,
"http://");
- }
else
- {
GNUNET_buffer_write_str (&buf,
"https://");
- }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c b/src/backend/taler-merchant-httpd_private-post-orders-ID-refund.c
@@ -84,8 +84,6 @@ make_taler_refund_uri (struct MHD_Connection *connection,
{
const char *host;
const char *forwarded_host;
- const char *forwarded_proto;
- bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -97,13 +95,6 @@ make_taler_refund_uri (struct MHD_Connection *connection,
forwarded_host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Host");
- forwarded_proto = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Proto");
- proxy_says_https = ( (NULL != forwarded_proto) &&
- (0 == strcmp ("https",
- forwarded_proto)))
-
uri_path = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Prefix");
@@ -116,13 +107,8 @@ make_taler_refund_uri (struct MHD_Connection *connection,
return NULL;
}
GNUNET_buffer_write_str (&buf, "taler");
-
- if (GNUNET_NO == TALER_mhd_is_https (connection) &&
- ! proxy_says_https)
- {
- GNUNET_buffer_write_str (&buf,
- "+http");
- }
+ if (GNUNET_NO == TALER_mhd_is_https (connection))
+ GNUNET_buffer_write_str (&buf, "+http");
GNUNET_buffer_write_str (&buf, "://refund/");
GNUNET_buffer_write_str (&buf, host);
if (NULL != uri_path)
diff --git a/src/backend/taler-merchant-httpd_private-post-orders.c b/src/backend/taler-merchant-httpd_private-post-orders.c
@@ -116,39 +116,19 @@ make_merchant_base_url (struct MHD_Connection *connection,
{
const char *host;
const char *forwarded_host;
- const char *forwarded_proto;
- bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
+ if (GNUNET_YES == TALER_mhd_is_https (connection))
+ GNUNET_buffer_write_str (&buf, "https://");
+ else
+ GNUNET_buffer_write_str (&buf, "http://");
host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
MHD_HTTP_HEADER_HOST);
forwarded_host = MHD_lookup_connection_value (connection,
MHD_HEADER_KIND,
"X-Forwarded-Host");
- forwarded_proto = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Proto");
- proxy_says_https = ( (NULL != forwarded_proto) &&
- (0 == strcmp ("https",
- forwarded_proto)))
-
- uri_path = MHD_lookup_connection_value (connection,
- MHD_HEADER_KIND,
- "X-Forwarded-Prefix");
-
- if (GNUNET_NO == TALER_mhd_is_https (connection) &&
- ! proxy_says_https)
- {
- GNUNET_buffer_write_str (&buf,
- "http://");
- }
- else
- {
- GNUNET_buffer_write_str (&buf,
- "https://");
- }
if (NULL != forwarded_host)
{
GNUNET_buffer_write_str (&buf,
@@ -160,6 +140,9 @@ make_merchant_base_url (struct MHD_Connection *connection,
GNUNET_buffer_write_str (&buf,
host);
}
+ uri_path = MHD_lookup_connection_value (connection,
+ MHD_HEADER_KIND,
+ "X-Forwarded-Prefix");
if (NULL != uri_path)
GNUNET_buffer_write_path (&buf, uri_path);
diff --git a/src/backend/taler-merchant-httpd_templating.c b/src/backend/taler-merchant-httpd_templating.c
@@ -121,8 +121,6 @@ make_static_url (struct MHD_Connection *con,
{
const char *host;
const char *forwarded_host;
- const char *forwarded_proto;
- bool proxy_says_https;
const char *uri_path;
struct GNUNET_Buffer buf = { 0 };
@@ -132,14 +130,6 @@ make_static_url (struct MHD_Connection *con,
forwarded_host = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
"X-Forwarded-Host");
- forwarded_proto = MHD_lookup_connection_value (con,
- MHD_HEADER_KIND,
- "X-Forwarded-Proto");
-
- proxy_says_https = ( (NULL != forwarded_proto) &&
- (0 == strcmp ("https",
- forwarded_proto)))
-
uri_path = MHD_lookup_connection_value (con,
MHD_HEADER_KIND,
@@ -155,17 +145,12 @@ make_static_url (struct MHD_Connection *con,
GNUNET_assert (NULL != instance_id);
- if (GNUNET_NO == TALER_mhd_is_https (con) &&
- ! proxy_says_https)
- {
+ if (GNUNET_NO == TALER_mhd_is_https (con))
GNUNET_buffer_write_str (&buf,
"http://");
- }
else
- {
GNUNET_buffer_write_str (&buf,
"https://");
- }
GNUNET_buffer_write_str (&buf,
host);
if (NULL != uri_path)
