Use relative reference URIs in Location header on directory redirects.

This adds support for front-ending httpd(8) with a TLS-terminating
gateway like relayd(8) that forwards unencrypted http traffic.

Previously httpd(8) would use a full URL in the Location header in 301
redirects when a user-agent requests a directory but without the
trailing '/'. If the user-agent originally connected with https, this
caused the redirected url to be http.

This change conforms to RFC7231 section 7.1.2.

Reported by Vincent Lee.

OK claudio@

diff --git a/usr.sbin/httpd/server_file.c b/usr.sbin/httpd/server_file.c
index 6b01ba7..8e977b9 100644 (file)
--- a/usr.sbin/httpd/server_file.c
+++ b/usr.sbin/httpd/server_file.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: server_file.c,v 1.69 2021/03/16 06:44:14 otto Exp $   */
+/*     $OpenBSD: server_file.c,v 1.70 2021/04/29 18:23:07 dv Exp $     */
 
 /*
  * Copyright (c) 2006 - 2017 Reyk Floeter <reyk@openbsd.org>
@@ -85,9 +85,7 @@ server_file_access(struct httpd *env, struct client *clt,
                if (path[strlen(path) - 1] != '/') {
                        if ((encodedpath = url_encode(desc->http_path)) == NULL)
                                return (500);
-                       if (asprintf(&newpath, "http%s://%s%s/",
-                           srv_conf->flags & SRVFLAG_TLS ? "s" : "",
-                           desc->http_host, encodedpath) == -1) {
+                       if (asprintf(&newpath, "%s/", encodedpath) == -1) {
                                free(encodedpath);
                                return (500);
                        }