nghttpx: HTTPS redirect should not happen with HTTP/3 upstream
This commit is contained in:
Tatsuhiro Tsujikawa
parent
2d790edac5
commit
babeddb649
|
|
@ -984,15 +984,8 @@ int Http3Upstream::on_downstream_abort_request(Downstream *downstream,
|
|||
|
||||
int Http3Upstream::on_downstream_abort_request_with_https_redirect(
|
||||
Downstream *downstream) {
|
||||
int rv;
|
||||
|
||||
rv = redirect_to_https(downstream);
|
||||
if (rv != 0) {
|
||||
return -1;
|
||||
}
|
||||
|
||||
handler_->signal_write();
|
||||
return 0;
|
||||
assert(0);
|
||||
abort();
|
||||
}
|
||||
|
||||
namespace {
|
||||
|
|
@ -1604,10 +1597,11 @@ int Http3Upstream::on_downstream_reset(Downstream *downstream, bool no_retry) {
|
|||
|
||||
fail:
|
||||
if (rv == SHRPX_ERR_TLS_REQUIRED) {
|
||||
rv = on_downstream_abort_request_with_https_redirect(downstream);
|
||||
} else {
|
||||
rv = on_downstream_abort_request(downstream, 502);
|
||||
assert(0);
|
||||
abort();
|
||||
}
|
||||
|
||||
rv = on_downstream_abort_request(downstream, 502);
|
||||
if (rv != 0) {
|
||||
shutdown_stream(downstream, NGHTTP3_H3_INTERNAL_ERROR);
|
||||
}
|
||||
|
|
@ -2318,10 +2312,11 @@ void Http3Upstream::initiate_downstream(Downstream *downstream) {
|
|||
auto dconn = handler_->get_downstream_connection(rv, downstream);
|
||||
if (!dconn) {
|
||||
if (rv == SHRPX_ERR_TLS_REQUIRED) {
|
||||
rv = redirect_to_https(downstream);
|
||||
} else {
|
||||
rv = error_reply(downstream, 502);
|
||||
assert(0);
|
||||
abort();
|
||||
}
|
||||
|
||||
rv = error_reply(downstream, 502);
|
||||
if (rv != 0) {
|
||||
shutdown_stream(downstream, NGHTTP3_H3_INTERNAL_ERROR);
|
||||
}
|
||||
|
|
@ -2731,39 +2726,6 @@ int Http3Upstream::shutdown_stream_read(int64_t stream_id,
|
|||
return 0;
|
||||
}
|
||||
|
||||
int Http3Upstream::redirect_to_https(Downstream *downstream) {
|
||||
auto &req = downstream->request();
|
||||
if (req.regular_connect_method() || req.scheme != "http") {
|
||||
return error_reply(downstream, 400);
|
||||
}
|
||||
|
||||
auto authority = util::extract_host(req.authority);
|
||||
if (authority.empty()) {
|
||||
return error_reply(downstream, 400);
|
||||
}
|
||||
|
||||
auto &balloc = downstream->get_block_allocator();
|
||||
auto config = get_config();
|
||||
auto &httpconf = config->http;
|
||||
|
||||
StringRef loc;
|
||||
if (httpconf.redirect_https_port == StringRef::from_lit("443")) {
|
||||
loc = concat_string_ref(balloc, StringRef::from_lit("https://"), authority,
|
||||
req.path);
|
||||
} else {
|
||||
loc = concat_string_ref(balloc, StringRef::from_lit("https://"), authority,
|
||||
StringRef::from_lit(":"),
|
||||
httpconf.redirect_https_port, req.path);
|
||||
}
|
||||
|
||||
auto &resp = downstream->response();
|
||||
resp.http_status = 308;
|
||||
resp.fs.add_header_token(StringRef::from_lit("location"), loc, false,
|
||||
http2::HD_LOCATION);
|
||||
|
||||
return send_reply(downstream, nullptr, 0);
|
||||
}
|
||||
|
||||
void Http3Upstream::consume(int64_t stream_id, size_t nconsumed) {
|
||||
ngtcp2_conn_extend_max_stream_offset(conn_, stream_id, nconsumed);
|
||||
ngtcp2_conn_extend_max_offset(conn_, nconsumed);
|
||||
|
|
|
|||
|
|
@ -120,7 +120,6 @@ public:
|
|||
void initiate_downstream(Downstream *downstream);
|
||||
int shutdown_stream(Downstream *downstream, uint64_t app_error_code);
|
||||
int shutdown_stream_read(int64_t stream_id, uint64_t app_error_code);
|
||||
int redirect_to_https(Downstream *downstream);
|
||||
int http_stream_close(Downstream *downstream, uint64_t app_error_code);
|
||||
void consume(int64_t stream_id, size_t nconsumed);
|
||||
void remove_downstream(Downstream *downstream);
|
||||
|
|
|
|||
Loading…
Reference in New Issue