From cb8c4e3e16b5e498a825202c2567d5fef1b6d2fe Mon Sep 17 00:00:00 2001 From: dv Date: Thu, 29 Apr 2021 18:23:07 +0000 Subject: [PATCH] Use relative reference URIs in Location header on directory redirects. This adds support for front-ending httpd(8) with a TLS-terminating gateway like relayd(8) that forwards unencrypted http traffic. Previously httpd(8) would use a full URL in the Location header in 301 redirects when a user-agent requests a directory but without the trailing '/'. If the user-agent originally connected with https, this caused the redirected url to be http. This change conforms to RFC7231 section 7.1.2. Reported by Vincent Lee. OK claudio@ --- usr.sbin/httpd/server_file.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/usr.sbin/httpd/server_file.c b/usr.sbin/httpd/server_file.c index 6b01ba7f3d6..8e977b988fb 100644 --- a/usr.sbin/httpd/server_file.c +++ b/usr.sbin/httpd/server_file.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_file.c,v 1.69 2021/03/16 06:44:14 otto Exp $ */ +/* $OpenBSD: server_file.c,v 1.70 2021/04/29 18:23:07 dv Exp $ */ /* * Copyright (c) 2006 - 2017 Reyk Floeter @@ -85,9 +85,7 @@ server_file_access(struct httpd *env, struct client *clt, if (path[strlen(path) - 1] != '/') { if ((encodedpath = url_encode(desc->http_path)) == NULL) return (500); - if (asprintf(&newpath, "http%s://%s%s/", - srv_conf->flags & SRVFLAG_TLS ? "s" : "", - desc->http_host, encodedpath) == -1) { + if (asprintf(&newpath, "%s/", encodedpath) == -1) { free(encodedpath); return (500); } -- 2.20.1