Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-06 22:30:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

httpd/webdav: add a list of hosts allowed to send proxy headers

Browse Source 
X-Forwarded-For, X-Real-IP and X-Forwarded-Proto headers will be ignored
for hosts not included in this list.

This is a backward incompatible change, before the proxy headers were
always used
This commit is contained in:
Nicola Murino
2021-05-11 06:54:06 +02:00
parent f1b998ce16
commit c8f7fc9bc9
25 changed files with 669 additions and 383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
httpd/auth_utils.go
View File

@@ -137,7 +137,7 @@ func (c *jwtTokenClaims) createAndSetCookie(w http.ResponseWriter, r *http.Reque
Path: basePath,
Expires: time.Now().Add(tokenDuration),
HttpOnly: true,
Secure: r.TLS != nil,
Secure: isTLS(r),
})
return nil
@@ -150,11 +150,21 @@ func (c *jwtTokenClaims) removeCookie(w http.ResponseWriter, r *http.Request) {
Path: webBasePath,
MaxAge: -1,
HttpOnly: true,
Secure: r.TLS != nil,
Secure: isTLS(r),
})
invalidateToken(r)
}
func isTLS(r *http.Request) bool {
if r.TLS != nil {
return true
}
if proto, ok := r.Context().Value(forwardedProtoKey).(string); ok {
return proto == "https"
}
return false
}
func isTokenInvalidated(r *http.Request) bool {
isTokenFound := false
token := jwtauth.TokenFromHeader(r)