Don't send relative redirect URLs when behind a reverse proxy

2018-01-08 10:53:32 +00:00 · 2018-01-08 10:53:32 +00:00 · a147f5349d
parent 48fc7db2f7
commit a147f5349d
4 changed files with 12 additions and 9 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
+ikiwiki (3.20180106) UNRELEASED; urgency=medium
+
+  * core: Don't send relative redirect URLs when behind a reverse proxy
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 08 Jan 2018 10:51:10 +0000
+
 ikiwiki (3.20180105) upstream; urgency=medium

  * emailauth: Fix cookie problem when user is on https and the cgiurl
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@ -91,7 +91,7 @@ sub redirect ($$) {
 	my $q=shift;
 	eval q{use URI};

-	my $topurl;
+	my $topurl = $config{cgiurl};
 	if (defined $q && ! $config{w3mmode} && ! $config{reverse_proxy}) {
 		$topurl = $q->url;
 	}
--- a/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
+++ b/doc/bugs/cgi_redirecting_to_non-https_URL.mdwn
@ -42,11 +42,11 @@ that so as to have the path for letsencrypt negotiation not redirected.-- [[User
 > Is the connection between nginx and lighttpd http or https?
 >
 > I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
-> `reverse_proxy: 1`. I've added a failing test case marked as TODO to `t/relativity.t`,
-> although I haven't been able to fix the bug yet. The bug I found is that when marked
-> as behind a reverse proxy, `IkiWiki::redirect` sends `Location: /foo/bar/`, which
-> your backend web server might be misinterpreting. It should send
-> `Location: https://redacted/foo/bar/` instead.
+> `reverse_proxy: 1`: when marked as behind a reverse proxy,
+> `IkiWiki::redirect` sent `Location: /phd/foo/bar/`, which your backend web
+> server might be misinterpreting. ikiwiki git master now sends
+> `Location: https://redacted/phd/foo/bar/` instead: does that resolve this
+> for you?
 >
 > Assuming nginx has a reasonable level of configuration, you can redirect http to https
 > for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap
--- a/t/relativity.t
+++ b/t/relativity.t
@ -403,10 +403,7 @@ sub test_site6_behind_reverse_proxy {
 	like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
 	like($bits{basehref}, qr{^(?:(?:https:)?//example\.com)?/wiki/$});
 	like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
-	TODO: {
-	local $TODO = "https://ikiwiki.info/bugs/cgi_redirecting_to_non-https_URL/";
 	check_goto(qr{^https://example\.com/wiki/a/b/c/$}, HTTP_HOST => 'localhost');
-	}

 	# previewing a page
 	%bits = parse_cgi_content(run_cgi(is_preview => 1, HTTP_HOST => 'localhost'));