diff options
| author | Saswat Padhi <saswat.sourav@gmail.com> | 2022-11-28 23:30:47 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-29 15:30:47 +0800 |
| commit | 715cf46dc464fe8b1543b6a6c640e5187ccb5c1a (patch) | |
| tree | d96ca513033c1352875419dbd4b7339a32c99d77 | |
| parent | f047ee0a40b50ab51e10ddcc57040ffa127d9e21 (diff) | |
| download | gitea-715cf46dc464fe8b1543b6a6c640e5187ccb5c1a.tar.gz gitea-715cf46dc464fe8b1543b6a6c640e5187ccb5c1a.zip | |
Normalize `AppURL` according to RFC 3986 (#21950)
Fixes #21865.
Scheme-based normalization ([RFC 3986, section
6.2.3](https://www.rfc-editor.org/rfc/rfc3986#section-6.2.3)) was
already implemented, but only for `defaultAppURL`.
This PR implements the same for `AppURL`.
Signed-off-by: Saswat Padhi <saswatpadhi@protonmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
| -rw-r--r-- | modules/setting/setting.go | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/modules/setting/setting.go b/modules/setting/setting.go index 68892a2198..f0d7f02927 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go @@ -748,19 +748,22 @@ func loadFromConf(allowEmpty bool, extraConfig string) { PerWriteTimeout = sec.Key("PER_WRITE_TIMEOUT").MustDuration(PerWriteTimeout) PerWritePerKbTimeout = sec.Key("PER_WRITE_PER_KB_TIMEOUT").MustDuration(PerWritePerKbTimeout) - defaultAppURL := string(Protocol) + "://" + Domain - if (Protocol == HTTP && HTTPPort != "80") || (Protocol == HTTPS && HTTPPort != "443") { - defaultAppURL += ":" + HTTPPort - } - AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL + "/") - // This should be TrimRight to ensure that there is only a single '/' at the end of AppURL. - AppURL = strings.TrimRight(AppURL, "/") + "/" + defaultAppURL := string(Protocol) + "://" + Domain + ":" + HTTPPort + AppURL = sec.Key("ROOT_URL").MustString(defaultAppURL) - // Check if has app suburl. + // Check validity of AppURL appURL, err := url.Parse(AppURL) if err != nil { log.Fatal("Invalid ROOT_URL '%s': %s", AppURL, err) } + // Remove default ports from AppURL. + // (scheme-based URL normalization, RFC 3986 section 6.2.3) + if (appURL.Scheme == string(HTTP) && appURL.Port() == "80") || (appURL.Scheme == string(HTTPS) && appURL.Port() == "443") { + appURL.Host = appURL.Hostname() + } + // This should be TrimRight to ensure that there is only a single '/' at the end of AppURL. + AppURL = strings.TrimRight(appURL.String(), "/") + "/" + // Suburl should start with '/' and end without '/', such as '/{subpath}'. // This value is empty if site does not have sub-url. AppSubURL = strings.TrimSuffix(appURL.Path, "/") |