forked from gitea/gitea
1
0
Fork 0

Normalize `AppURL` according to RFC 3986 (#21950)

Fixes #21865.

Scheme-based normalization ([RFC 3986, section
6.2.3](https://www.rfc-editor.org/rfc/rfc3986#section-6.2.3)) was
already implemented, but only for `defaultAppURL`.
This PR implements the same for `AppURL`.

Signed-off-by: Saswat Padhi <saswatpadhi@protonmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
This commit is contained in:
Saswat Padhi 2022-11-28 23:30:47 -08:00 committed by GitHub
parent f047ee0a40
commit 715cf46dc4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 8 deletions

View File

@ -748,19 +748,22 @@ func loadFromConf(allowEmpty bool, extraConfig string) {
PerWriteTimeout = sec.Key("PER_WRITE_TIMEOUT").MustDuration(PerWriteTimeout) PerWriteTimeout = sec.Key("PER_WRITE_TIMEOUT").MustDuration(PerWriteTimeout)
PerWritePerKbTimeout = sec.Key("PER_WRITE_PER_KB_TIMEOUT").MustDuration(PerWritePerKbTimeout) PerWritePerKbTimeout = sec.Key("PER_WRITE_PER_KB_TIMEOUT").MustDuration(PerWritePerKbTimeout)
defaultAppURL := string(Protocol) + "://" + Domain defaultAppURL := string(Protocol) + "://" + Domain + ":" + HTTPPort
if (Protocol == HTTP && HTTPPort != "80") || (Protocol == HTTPS && HTTPPort != "443") { AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL)
defaultAppURL += ":" + HTTPPort
}
AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL + "/")
// This should be TrimRight to ensure that there is only a single '/' at the end of AppURL.
AppURL = strings.TrimRight(AppURL, "/") + "/"
// Check if has app suburl. // Check validity of AppURL
appURL, err := url.Parse(AppURL) appURL, err := url.Parse(AppURL)
if err != nil { if err != nil {
log.Fatal("Invalid ROOT_URL '%s': %s", AppURL, err) log.Fatal("Invalid ROOT_URL '%s': %s", AppURL, err)
} }
// Remove default ports from AppURL.
// (scheme-based URL normalization, RFC 3986 section 6.2.3)
if (appURL.Scheme == string(HTTP) && appURL.Port() == "80") || (appURL.Scheme == string(HTTPS) && appURL.Port() == "443") {
appURL.Host = appURL.Hostname()
}
// This should be TrimRight to ensure that there is only a single '/' at the end of AppURL.
AppURL = strings.TrimRight(appURL.String(), "/") + "/"
// Suburl should start with '/' and end without '/', such as '/{subpath}'. // Suburl should start with '/' and end without '/', such as '/{subpath}'.
// This value is empty if site does not have sub-url. // This value is empty if site does not have sub-url.
AppSubURL = strings.TrimSuffix(appURL.Path, "/") AppSubURL = strings.TrimSuffix(appURL.Path, "/")