diff options
| author | zeripath <art27@cantab.net> | 2019-12-24 00:11:12 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-12-24 00:11:12 +0000 |
| commit | 017f314b5a0f930b477efa1c2a5309f8cdd6d3c3 (patch) | |
| tree | d2e7df096c672520c2a957069829bb9aeb3005bd /routers | |
| parent | 546523a57c0b4393f0732da3db5ad1c8c0d5ec43 (diff) | |
| download | gitea-017f314b5a0f930b477efa1c2a5309f8cdd6d3c3.tar.gz gitea-017f314b5a0f930b477efa1c2a5309f8cdd6d3c3.zip | |
Use Req.URL.RequestURI() to cope with FCGI urls (#9473)
* Use Req.URL.RequestURI() to cope with FCGI urls
* Add debug logging statement when forbidden in internal API.
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/home.go | 2 | ||||
| -rw-r--r-- | routers/private/internal.go | 2 | ||||
| -rw-r--r-- | routers/routes/routes.go | 4 |
3 files changed, 5 insertions, 3 deletions
diff --git a/routers/home.go b/routers/home.go index 4d4bfa5620..d223054f4c 100644 --- a/routers/home.go +++ b/routers/home.go @@ -45,7 +45,7 @@ func Home(ctx *context.Context) { } else if ctx.User.MustChangePassword { ctx.Data["Title"] = ctx.Tr("auth.must_change_password") ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password" - ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.RequestURI, 0, setting.AppSubURL) + ctx.SetCookie("redirect_to", setting.AppSubURL+ctx.Req.URL.RequestURI(), 0, setting.AppSubURL) ctx.Redirect(setting.AppSubURL + "/user/settings/change_password") } else { user.Dashboard(ctx) diff --git a/routers/private/internal.go b/routers/private/internal.go index cfbad19678..dafcd88822 100644 --- a/routers/private/internal.go +++ b/routers/private/internal.go @@ -9,6 +9,7 @@ import ( "strings" "code.gitea.io/gitea/models" + "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/setting" "gitea.com/macaron/macaron" @@ -19,6 +20,7 @@ func CheckInternalToken(ctx *macaron.Context) { tokens := ctx.Req.Header.Get("Authorization") fields := strings.Fields(tokens) if len(fields) != 2 || fields[0] != "Bearer" || fields[1] != setting.InternalToken { + log.Debug("Forbidden attempt to access internal url: Authorization header: %s", tokens) ctx.Error(403) } } diff --git a/routers/routes/routes.go b/routers/routes/routes.go index cb4fadbcdb..c434c42263 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -97,13 +97,13 @@ func RouterHandler(level log.Level) func(ctx *macaron.Context) { return func(ctx *macaron.Context) { start := time.Now() - _ = log.GetLogger("router").Log(0, level, "Started %s %s for %s", log.ColoredMethod(ctx.Req.Method), ctx.Req.RequestURI, ctx.RemoteAddr()) + _ = log.GetLogger("router").Log(0, level, "Started %s %s for %s", log.ColoredMethod(ctx.Req.Method), ctx.Req.URL.RequestURI(), ctx.RemoteAddr()) rw := ctx.Resp.(macaron.ResponseWriter) ctx.Next() status := rw.Status() - _ = log.GetLogger("router").Log(0, level, "Completed %s %s %v %s in %v", log.ColoredMethod(ctx.Req.Method), ctx.Req.RequestURI, log.ColoredStatus(status), log.ColoredStatus(status, http.StatusText(rw.Status())), log.ColoredTime(time.Since(start))) + _ = log.GetLogger("router").Log(0, level, "Completed %s %s %v %s in %v", log.ColoredMethod(ctx.Req.Method), ctx.Req.URL.RequestURI(), log.ColoredStatus(status), log.ColoredStatus(status, http.StatusText(rw.Status())), log.ColoredTime(time.Since(start))) } } |