aboutsummaryrefslogtreecommitdiffstats
path: root/server
diff options
context:
space:
mode:
authorLibravatar Rutger Broekhoff2024-01-24 20:25:31 +0100
committerLibravatar Rutger Broekhoff2024-01-24 20:25:31 +0100
commitc3d692ac5130a5c6f2ab0d89beb22c3b981630e2 (patch)
tree89e315345ee9d7fc2cb342a37cb8f07bf6eff318 /server
parentcd6189d473ac65ffe46ae1094125a6f0ec23a7c9 (diff)
downloadgitolfs3-c3d692ac5130a5c6f2ab0d89beb22c3b981630e2.tar.gz
gitolfs3-c3d692ac5130a5c6f2ab0d89beb22c3b981630e2.zip
Use X-Forwarded-Host instead of X-Forwarded-For
Diffstat (limited to 'server')
-rw-r--r--server/src/main.rs13
1 files changed, 6 insertions, 7 deletions
diff --git a/server/src/main.rs b/server/src/main.rs
index 9826873..0f12c8f 100644
--- a/server/src/main.rs
+++ b/server/src/main.rs
@@ -722,20 +722,19 @@ struct AuthorizationConfig {
722 722
723struct Trusted(bool); 723struct Trusted(bool);
724 724
725fn forwarded_for_trusted_host( 725fn forwarded_from_trusted_host(
726 headers: &HeaderMap, 726 headers: &HeaderMap,
727 trusted: &HashSet<String>, 727 trusted: &HashSet<String>,
728) -> Result<bool, GitLfsErrorResponse<'static>> { 728) -> Result<bool, GitLfsErrorResponse<'static>> {
729 println!("Trusted: {:?}, headers: {:?}", trusted, headers); 729 if let Some(forwarded_host) = headers.get("X-Forwarded-Host") {
730 if let Some(forwarded_for) = headers.get("X-Forwarded-For") { 730 if let Ok(forwarded_host) = forwarded_host.to_str() {
731 if let Ok(forwarded_for) = forwarded_for.to_str() { 731 if trusted.contains(forwarded_host) {
732 if trusted.contains(forwarded_for) {
733 return Ok(true); 732 return Ok(true);
734 } 733 }
735 } else { 734 } else {
736 return Err(make_error_resp( 735 return Err(make_error_resp(
737 StatusCode::NOT_FOUND, 736 StatusCode::NOT_FOUND,
738 "Invalid X-Forwarded-For header", 737 "Invalid X-Forwarded-Host header",
739 )); 738 ));
740 } 739 }
741 } 740 }
@@ -765,7 +764,7 @@ fn authorize_batch(
765 return Ok(Trusted(true)); 764 return Ok(Trusted(true));
766 } 765 }
767 766
768 let trusted = forwarded_for_trusted_host(headers, &conf.trusted_forwarded_hosts)?; 767 let trusted = forwarded_from_trusted_host(headers, &conf.trusted_forwarded_hosts)?;
769 if operation != common::Operation::Download { 768 if operation != common::Operation::Download {
770 if trusted { 769 if trusted {
771 return Err(make_error_resp( 770 return Err(make_error_resp(