Set X-Forwarded-Proto header when frontend-proxy proxies a request (#9539)

Should fix some remaining warnings
Richard van der Hoff 2021-03-03 18:49:08 +00:00 committed by GitHub
parent a4fa044c00
commit 4db07f9aef
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 2 deletions

1
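--- a/changelog.d/9539.feature
+++ b/changelog.d/9539.feature
@@ -0,0 +1 @@
+Add support for `X-Forwarded-Proto` header when using a reverse proxy.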


@ -23,6 +23,7 @@ from typing_extensions import ContextManager
from twisted.internet import address from twisted.internet import address
from twisted.web.resource import IResource from twisted.web.resource import IResource
from twisted.web.server import Request
import synapse import synapse
import synapse.events import synapse.events
@ -190,7 +191,7 @@ class KeyUploadServlet(RestServlet):
self.http_client = hs.get_simple_http_client() self.http_client = hs.get_simple_http_client()
self.main_uri = hs.config.worker_main_http_uri self.main_uri = hs.config.worker_main_http_uri
async def on_POST(self, request, device_id): async def on_POST(self, request: Request, device_id: Optional[str]):
requester = await self.auth.get_user_by_req(request, allow_guest=True) requester = await self.auth.get_user_by_req(request, allow_guest=True)
user_id = requester.user.to_string() user_id = requester.user.to_string()
body = parse_json_object_from_request(request) body = parse_json_object_from_request(request)
@ -223,10 +224,12 @@ class KeyUploadServlet(RestServlet):
header: request.requestHeaders.getRawHeaders(header, []) header: request.requestHeaders.getRawHeaders(header, [])
for header in (b"Authorization", b"User-Agent") for header in (b"Authorization", b"User-Agent")
} }
# Add the previous hop the the X-Forwarded-For header. # Add the previous hop to the X-Forwarded-For header.
x_forwarded_for = request.requestHeaders.getRawHeaders( x_forwarded_for = request.requestHeaders.getRawHeaders(
b"X-Forwarded-For", [] b"X-Forwarded-For", []
) )
# we use request.client here, since we want the previous hop, not the
# original client (as returned by request.getClientAddress()).
if isinstance(request.client, (address.IPv4Address, address.IPv6Address)): if isinstance(request.client, (address.IPv4Address, address.IPv6Address)):
previous_host = request.client.host.encode("ascii") previous_host = request.client.host.encode("ascii")
# If the header exists, add to the comma-separated list of the first # If the header exists, add to the comma-separated list of the first
@ -239,6 +242,14 @@ class KeyUploadServlet(RestServlet):
x_forwarded_for = [previous_host] x_forwarded_for = [previous_host]
headers[b"X-Forwarded-For"] = x_forwarded_for headers[b"X-Forwarded-For"] = x_forwarded_for
# Replicate the original X-Forwarded-Proto header. Note that
# XForwardedForRequest overrides isSecure() to give us the original protocol
# used by the client, as opposed to the protocol used by our upstream proxy
# - which is what we want here.
headers[b"X-Forwarded-Proto"] = [
b"https" if request.isSecure() else b"http"
]
try: try:
result = await self.http_client.post_json_get_json( result = await self.http_client.post_json_get_json(
self.main_uri + request.uri.decode("ascii"), body, headers=headers self.main_uri + request.uri.decode("ascii"), body, headers=headers
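Review bot: The `headers[b"X-Forwarded-Proto"]` assignment is only correct when `request` really is an `XForwardedForRequest`, yet `on_POST` is now annotated with plain `twisted.web.server.Request`, whose `isSecure()` describes the connection into this worker rather than the client's scheme. If this servlet can be served from a listener that does not use that request class (not visible here), the main process is told the inner hop's protocol; and where the class is used, the value presumably derives from a header supplied upstream, so it is only as trustworthy as the proxy in front of the worker. I would state that in the comment, e.g. `# NB: this is the client's scheme only if the listener uses XForwardedForRequest and the proxy in front of it is trusted to set the header.` The commit's two changed files include no test for the forwarded headers, so a case asserting the `X-Forwarded-For` and `X-Forwarded-Proto` values passed to `post_json_get_json` would be worth adding. `on_POST` starts in an earlier hunk and continues past the end of this one.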