diff options
author | Vladimir Shushlin <vshushlin@gitlab.com> | 2019-08-21 19:00:52 +0300 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2019-08-21 19:00:52 +0300 |
commit | 8e390bd9884461ebd4e0663cba391a86a7b2ef5b (patch) | |
tree | 7855531881f831d884266e6a47a3b77ecfa6b750 /app.go | |
parent | f8dabe33aee2931bcd060f7a13663eef0a0c8d9c (diff) |
Fix https downgrade for pages behind proxy
We can't rely on r.TLS when pages are served behind proxy
So we save https flag to a context for later usage
Right now I'm trying to keep changes to a minimum since
I'm planning to backport this to older versions
That's why https flag is not refactored throughout the codebase
The alternative way would be to use gorilla's proxy headers
I'm planning to refactor to that version later
Diffstat (limited to 'app.go')
-rw-r--r-- | app.go | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -26,6 +26,7 @@ import ( "gitlab.com/gitlab-org/gitlab-pages/internal/domain" "gitlab.com/gitlab-org/gitlab-pages/internal/httperrors" "gitlab.com/gitlab-org/gitlab-pages/internal/netutil" + "gitlab.com/gitlab-org/gitlab-pages/internal/request" "gitlab.com/gitlab-org/gitlab-pages/metrics" ) @@ -230,6 +231,8 @@ func (a *theApp) serveFileOrNotFound(domain *domain.D) http.HandlerFunc { func (a *theApp) ServeHTTP(ww http.ResponseWriter, r *http.Request) { https := r.TLS != nil + r = request.WithHTTPSFlag(r, https) + headerConfig.AddCustomHeaders(ww, a.CustomHeaders) a.serveContent(ww, r, https) @@ -238,6 +241,7 @@ func (a *theApp) ServeHTTP(ww http.ResponseWriter, r *http.Request) { func (a *theApp) ServeProxy(ww http.ResponseWriter, r *http.Request) { forwardedProto := r.Header.Get(xForwardedProto) https := forwardedProto == xForwardedProtoHTTPS + r = request.WithHTTPSFlag(r, https) if forwardedHost := r.Header.Get(xForwardedHost); forwardedHost != "" { r.Host = forwardedHost |