nghttpx: HTTPS redirect should not happen with HTTP/3 upstream

This commit is contained in:
Tatsuhiro Tsujikawa 2022-11-20 17:03:30 +09:00
parent 2d790edac5
commit babeddb649
2 changed files with 10 additions and 49 deletions

View File

@ -984,15 +984,8 @@ int Http3Upstream::on_downstream_abort_request(Downstream *downstream,
int Http3Upstream::on_downstream_abort_request_with_https_redirect( int Http3Upstream::on_downstream_abort_request_with_https_redirect(
Downstream *downstream) { Downstream *downstream) {
int rv; assert(0);
abort();
rv = redirect_to_https(downstream);
if (rv != 0) {
return -1;
}
handler_->signal_write();
return 0;
} }
namespace { namespace {
@ -1604,10 +1597,11 @@ int Http3Upstream::on_downstream_reset(Downstream *downstream, bool no_retry) {
fail: fail:
if (rv == SHRPX_ERR_TLS_REQUIRED) { if (rv == SHRPX_ERR_TLS_REQUIRED) {
rv = on_downstream_abort_request_with_https_redirect(downstream); assert(0);
} else { abort();
rv = on_downstream_abort_request(downstream, 502);
} }
rv = on_downstream_abort_request(downstream, 502);
if (rv != 0) { if (rv != 0) {
shutdown_stream(downstream, NGHTTP3_H3_INTERNAL_ERROR); shutdown_stream(downstream, NGHTTP3_H3_INTERNAL_ERROR);
} }
@ -2318,10 +2312,11 @@ void Http3Upstream::initiate_downstream(Downstream *downstream) {
auto dconn = handler_->get_downstream_connection(rv, downstream); auto dconn = handler_->get_downstream_connection(rv, downstream);
if (!dconn) { if (!dconn) {
if (rv == SHRPX_ERR_TLS_REQUIRED) { if (rv == SHRPX_ERR_TLS_REQUIRED) {
rv = redirect_to_https(downstream); assert(0);
} else { abort();
rv = error_reply(downstream, 502);
} }
rv = error_reply(downstream, 502);
if (rv != 0) { if (rv != 0) {
shutdown_stream(downstream, NGHTTP3_H3_INTERNAL_ERROR); shutdown_stream(downstream, NGHTTP3_H3_INTERNAL_ERROR);
} }
@ -2731,39 +2726,6 @@ int Http3Upstream::shutdown_stream_read(int64_t stream_id,
return 0; return 0;
} }
int Http3Upstream::redirect_to_https(Downstream *downstream) {
auto &req = downstream->request();
if (req.regular_connect_method() || req.scheme != "http") {
return error_reply(downstream, 400);
}
auto authority = util::extract_host(req.authority);
if (authority.empty()) {
return error_reply(downstream, 400);
}
auto &balloc = downstream->get_block_allocator();
auto config = get_config();
auto &httpconf = config->http;
StringRef loc;
if (httpconf.redirect_https_port == StringRef::from_lit("443")) {
loc = concat_string_ref(balloc, StringRef::from_lit("https://"), authority,
req.path);
} else {
loc = concat_string_ref(balloc, StringRef::from_lit("https://"), authority,
StringRef::from_lit(":"),
httpconf.redirect_https_port, req.path);
}
auto &resp = downstream->response();
resp.http_status = 308;
resp.fs.add_header_token(StringRef::from_lit("location"), loc, false,
http2::HD_LOCATION);
return send_reply(downstream, nullptr, 0);
}
void Http3Upstream::consume(int64_t stream_id, size_t nconsumed) { void Http3Upstream::consume(int64_t stream_id, size_t nconsumed) {
ngtcp2_conn_extend_max_stream_offset(conn_, stream_id, nconsumed); ngtcp2_conn_extend_max_stream_offset(conn_, stream_id, nconsumed);
ngtcp2_conn_extend_max_offset(conn_, nconsumed); ngtcp2_conn_extend_max_offset(conn_, nconsumed);

View File

@ -120,7 +120,6 @@ public:
void initiate_downstream(Downstream *downstream); void initiate_downstream(Downstream *downstream);
int shutdown_stream(Downstream *downstream, uint64_t app_error_code); int shutdown_stream(Downstream *downstream, uint64_t app_error_code);
int shutdown_stream_read(int64_t stream_id, uint64_t app_error_code); int shutdown_stream_read(int64_t stream_id, uint64_t app_error_code);
int redirect_to_https(Downstream *downstream);
int http_stream_close(Downstream *downstream, uint64_t app_error_code); int http_stream_close(Downstream *downstream, uint64_t app_error_code);
void consume(int64_t stream_id, size_t nconsumed); void consume(int64_t stream_id, size_t nconsumed);
void remove_downstream(Downstream *downstream); void remove_downstream(Downstream *downstream);