versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-01-26 20:26:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: 🐛 Make sure reverse proxies don't tamper with URLs

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-06-10 16:24:32 -10:00
parent 9f262c12d6
commit e9e33432c2
No known key found for this signature in database
1 changed files with 10 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
server/api/oauth/sso/:issuer/callback/index.ts
View file

@ -71,6 +71,16 @@ export default (app: Hono) =>
const currentUrl = new URL(context.req.url); const currentUrl = new URL(context.req.url);
const redirectUrl = new URL(context.req.url); const redirectUrl = new URL(context.req.url);
// Correct some reverse proxies incorrectly setting the protocol as http, even if the original request was https
// Looking at you, Traefik
if (
new URL(config.http.base_url).protocol === "https:" &&
currentUrl.protocol === "http:"
) {
currentUrl.protocol = "https:";
redirectUrl.protocol = "https:";
}
// Remove state query parameter from URL // Remove state query parameter from URL
currentUrl.searchParams.delete("state"); currentUrl.searchParams.delete("state");
redirectUrl.searchParams.delete("state"); redirectUrl.searchParams.delete("state");