Fix for #2675, added HTTPS redirect when x-forwarded-proto:http

2021-05-23 00:02:13 -07:00 · 2021-05-23 00:02:13 -07:00 · 98e0801c8c
parent 6cde080ec9
commit 98e0801c8c
2 changed files with 13 additions and 3 deletions
--- a/redirserver.js
+++ b/redirserver.js
@ -33,10 +33,10 @@ module.exports.CreateRedirServer = function (parent, db, args, func) {
    // Perform an HTTP to HTTPS redirection
    function performRedirection(req, res) {
        var host = req.headers.host;
-        if (typeof host == 'string') { host = host.split(":")[0]; }
+        if (typeof host == 'string') { host = host.split(':')[0]; }
        if ((host == null) && (obj.certificates != null)) { host = obj.certificates.CommonName; if (obj.certificates.CommonName.indexOf('.') == -1) { host = req.headers.host; } }
        var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
-        res.redirect("https://" + host + ":" + httpsPort + req.url);
+        res.redirect('https://' + host + ':' + httpsPort + req.url);
    }

    /*
@ -59,7 +59,7 @@ module.exports.CreateRedirServer = function (parent, db, args, func) {
            if (i >= 0) { rootcert = rootcert.substring(i + 29); }
            i = rootcert.indexOf('-----END CERTIFICATE-----');
            if (i >= 0) { rootcert = rootcert.substring(i, 0); }
-            res.send(Buffer.from(rootcert, "base64"));
+            res.send(Buffer.from(rootcert, 'base64'));
        } else {
            res.sendStatus(404);
        }
--- a/webserver.js
+++ b/webserver.js
@ -5294,6 +5294,16 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
            // Useful for debugging reverse proxy issues
            parent.debug('httpheaders', req.method, req.url, req.headers);

+            // If this request came over HTTP, redirect to HTTPS
+            if (req.headers['x-forwarded-proto'] == 'http') {
+                var host = req.headers.host;
+                if (typeof host == 'string') { host = host.split(':')[0]; }
+                if ((host == null) && (obj.certificates != null)) { host = obj.certificates.CommonName; if (obj.certificates.CommonName.indexOf('.') == -1) { host = req.headers.host; } }
+                var httpsPort = ((obj.args.aliasport == null) ? obj.args.port : obj.args.aliasport); // Use HTTPS alias port is specified
+                res.redirect('https://' + host + ':' + httpsPort + req.url);
+                return;
+            }
+
            // Perform traffic accounting
            if (req.headers.upgrade == 'websocket') {
                // We don't count traffic on WebSockets since it's counted by the handling modules.