author | Rutger Broekhoff | 2024-01-24 20:25:31 +0100 |
---|---|---|
committer | Rutger Broekhoff | 2024-01-24 20:25:31 +0100 |
commit | c3d692ac5130a5c6f2ab0d89beb22c3b981630e2 (patch) | |
tree | 89e315345ee9d7fc2cb342a37cb8f07bf6eff318 /server/src | |
parent | cd6189d473ac65ffe46ae1094125a6f0ec23a7c9 (diff) | |
Use X-Forwarded-Host instead of X-Forwarded-For
Diffstat (limited to 'server/src')
-rw-r--r-- | server/src/main.rs | 13 |
1 files changed, 6 insertions, 7 deletions
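--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -722,20 +722,19 @@ struct AuthorizationConfig {
 
 struct Trusted(bool);
 
-fn forwarded_for_trusted_host(
+fn forwarded_from_trusted_host(
 headers: &HeaderMap,
 trusted: &HashSet<String>,
 ) -> Result<bool, GitLfsErrorResponse<'static>> {
-println!("Trusted: {:?}, headers: {:?}", trusted, headers);
-if let Some(forwarded_for) = headers.get("X-Forwarded-For") {
-if let Ok(forwarded_for) = forwarded_for.to_str() {
-if trusted.contains(forwarded_for) {
+if let Some(forwarded_host) = headers.get("X-Forwarded-Host") {
+if let Ok(forwarded_host) = forwarded_host.to_str() {
+if trusted.contains(forwarded_host) {
 return Ok(true);
 }
 } else {
 return Err(make_error_resp(
 StatusCode::NOT_FOUND,
-"Invalid X-Forwarded-For header",
+"Invalid X-Forwarded-Host header",
 ));
 }
 }
@@ -765,7 +764,7 @@ fn authorize_batch(
 return Ok(Trusted(true));
 }
 
-let trusted = forwarded_for_trusted_host(headers, &conf.trusted_forwarded_hosts)?;
+let trusted = forwarded_from_trusted_host(headers, &conf.trusted_forwarded_hosts)?;
 if operation != common::Operation::Download {
 if trusted {
 return Err(make_error_resp(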
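Review bot: The trust decision in `forwarded_from_trusted_host` rests entirely on `trusted.contains(forwarded_host)`, and `X-Forwarded-Host` is a request header that a client can supply itself unless the fronting proxy strips or overwrites it. The result feeds the authorization branch in `authorize_batch`, so the function is only sound when the service is reachable solely through such a proxy; that requirement should be stated on the function, e.g. `/// Only meaningful behind a reverse proxy that overwrites X-Forwarded-Host; the server must not be reachable directly.` If `HeaderMap` here is `http::HeaderMap`, `headers.get` returns the first value when the header occurs more than once, so a proxy that appends instead of replacing would leave the client's value in first position; rejecting requests where `headers.get_all("X-Forwarded-Host")` yields more than one entry would fail closed. Both function bodies continue outside the visible hunks, so how `trusted` is finally used is only partly visible here.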