Don't send relative redirect URLs when behind a reverse proxy

master
Simon McVittie 2018-01-08 10:53:32 +00:00
parent 48fc7db2f7
commit a147f5349d
4 changed files with 12 additions and 9 deletions


@ -1,3 +1,9 @@
ikiwiki (3.20180106) UNRELEASED; urgency=medium
* core: Don't send relative redirect URLs when behind a reverse proxy
-- Simon McVittie <smcv@debian.org> Mon, 08 Jan 2018 10:51:10 +0000
ikiwiki (3.20180105) upstream; urgency=medium ikiwiki (3.20180105) upstream; urgency=medium
* emailauth: Fix cookie problem when user is on https and the cgiurl * emailauth: Fix cookie problem when user is on https and the cgiurl
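Review bot: The new changelog entry `* core: Don't send relative redirect URLs when behind a reverse proxy` does not point at the bug it addresses. The test hunk in this commit removes a TODO that references https://ikiwiki.info/bugs/cgi_redirecting_to_non-https_URL/, so naming that bug page in the entry would let changelog readers find the discussion.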


@ -91,7 +91,7 @@ sub redirect ($$) {
my $q=shift; my $q=shift;
eval q{use URI}; eval q{use URI};
my $topurl; my $topurl = $config{cgiurl};
if (defined $q && ! $config{w3mmode} && ! $config{reverse_proxy}) { if (defined $q && ! $config{w3mmode} && ! $config{reverse_proxy}) {
$topurl = $q->url; $topurl = $q->url;
} }
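Review bot: In `my $topurl = $config{cgiurl};` the new default is not limited to the reverse-proxy case: it also applies when `$q` is undefined or `$config{w3mmode}` is set, because all three conditions share the one `if`. If that is intended, a short comment above the declaration saying so would help; if not, assign the default only when `$config{reverse_proxy}` is true. Nothing in the visible lines checks that `$config{cgiurl}` is defined and is an absolute URL with scheme and host, which is what the `Location` header now relies on, so a guard or a documented requirement on `cgiurl` for `reverse_proxy` setups is worth adding.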


@ -42,11 +42,11 @@ that so as to have the path for letsencrypt negotiation not redirected.-- [[User
> Is the connection between nginx and lighttpd http or https? > Is the connection between nginx and lighttpd http or https?
> >
> I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with > I think this is maybe a bug in `IkiWiki::redirect` when used in conjunction with
> `reverse_proxy: 1`. I've added a failing test case marked as TODO to `t/relativity.t`, > `reverse_proxy: 1`: when marked as behind a reverse proxy,
> although I haven't been able to fix the bug yet. The bug I found is that when marked > `IkiWiki::redirect` sent `Location: /phd/foo/bar/`, which your backend web
> as behind a reverse proxy, `IkiWiki::redirect` sends `Location: /foo/bar/`, which > server might be misinterpreting. ikiwiki git master now sends
> your backend web server might be misinterpreting. It should send > `Location: https://redacted/phd/foo/bar/` instead: does that resolve this
> `Location: https://redacted/foo/bar/` instead. > for you?
> >
> Assuming nginx has a reasonable level of configuration, you can redirect http to https > Assuming nginx has a reasonable level of configuration, you can redirect http to https
> for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap > for the entire server except `/.well-known/acme-challenge/` as a good way to bootstrap
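Review bot: The rewritten reply says "ikiwiki git master now sends", which stops being useful to readers once releases move on. The changelog hunk in this commit lists the fix under 3.20180106, so naming that version next to "git master" would tell readers which release they need. The rewrite also drops the mention of the test case in `t/relativity.t`; keeping a pointer to it would help anyone verifying the fix.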


@ -403,10 +403,7 @@ sub test_site6_behind_reverse_proxy {
like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$}); like($bits{cgihref}, qr{^(?:(?:https:)?//example.com)?/cgi-bin/ikiwiki.cgi$});
like($bits{basehref}, qr{^(?:(?:https:)?//example\.com)?/wiki/$}); like($bits{basehref}, qr{^(?:(?:https:)?//example\.com)?/wiki/$});
like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$}); like($bits{stylehref}, qr{^(?:(?:https:)?//example.com)?/wiki/style.css$});
TODO: {
local $TODO = "https://ikiwiki.info/bugs/cgi_redirecting_to_non-https_URL/";
check_goto(qr{^https://example\.com/wiki/a/b/c/$}, HTTP_HOST => 'localhost'); check_goto(qr{^https://example\.com/wiki/a/b/c/$}, HTTP_HOST => 'localhost');
}
# previewing a page # previewing a page
%bits = parse_cgi_content(run_cgi(is_preview => 1, HTTP_HOST => 'localhost')); %bits = parse_cgi_content(run_cgi(is_preview => 1, HTTP_HOST => 'localhost'));
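Review bot: With the `TODO` wrapper removed, the only redirect assertion in this hunk is `check_goto(qr{^https://example\.com/wiki/a/b/c/$}, HTTP_HOST => 'localhost');`, which covers the reverse-proxy case alone. The `redirect` change also alters the starting value of `$topurl` when `$config{w3mmode}` is set or `$q` is undefined, so if no other test covers those paths, a check for at least one of them would guard against regressions. As a style point, the context lines for `cgihref` and `stylehref` leave the dot in `example.com` unescaped while `basehref` uses `example\.com`; escaping all three would make the patterns consistent.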