revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-04-08 10:28:29 +02:00
Code Issues Releases Wiki Activity

Fix protocol serve detection for clustered repositories that terminate HTTPS

Browse source 
Summary:
Ref T10927. Pretty sure the issue is:

  - User makes an HTTPS request.
  - Load balancer terminates it, but with an `X-Forwarded-Proto` header.
  - `secure001` (or whatever; acting as web host) proxies it to `secure002` (or whatever; acting as a repository host). **This** connection is plain HTTP.
  - Since this proxied connection is plain HTTP, we check if the repository can serve over "http", but it can't: only "https". So we fail incorrectly, even though the original user request was HTTPS.

In the long run we should probably forward the `X-Forwarded-Proto` header, but that has some weird implications and it's broadly fine to allow either protocol to serve as long as the other one is active: configuration like `security.require-https` is already stronger than these settings.

Test Plan: This is likely only observable in production, but normal cloning still works locally.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10927

Differential Revision: https://secure.phabricator.com/D15856
This commit is contained in:
epriestley 2016-05-05 16:16:09 -07:00
parent 1baef494c1
commit fde02c4b4e
1 changed files with 14 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/applications/diffusion/controller/DiffusionServeController.php
View file

@ -267,20 +267,27 @@ final class DiffusionServeController extends DiffusionController {
// token from SSH. If they're using HTTP username + password auth, they // token from SSH. If they're using HTTP username + password auth, they
// have to obey the normal HTTP rules. // have to obey the normal HTTP rules.
} else { } else {
if ($request->isHTTPS()) { // For now, we don't distinguish between HTTP and HTTPS-originated
$protocol = PhabricatorRepositoryURI::BUILTIN_PROTOCOL_HTTPS; // requests that are proxied within the cluster, so the user can connect
} else { // with HTTPS but we may be on HTTP by the time we reach this part of
$protocol = PhabricatorRepositoryURI::BUILTIN_PROTOCOL_HTTP; // the code. Allow things to move forward as long as either protocol
} // can be served.
$proto_https = PhabricatorRepositoryURI::BUILTIN_PROTOCOL_HTTPS;
$proto_http = PhabricatorRepositoryURI::BUILTIN_PROTOCOL_HTTP;
if (!$repository->canServeProtocol($protocol, false)) { $can_read =
$repository->canServeProtocol($proto_https, false) ||
$repository->canServeProtocol($proto_http, false);
if (!$can_read) {
return new PhabricatorVCSResponse( return new PhabricatorVCSResponse(
403, 403,
pht('This repository is not available over HTTP.')); pht('This repository is not available over HTTP.'));
} }
if ($is_push) { if ($is_push) {
$can_write = $repository->canServeProtocol($protocol, true); $can_write =
$repository->canServeProtocol($proto_https, true) ||
$repository->canServeProtocol($proto_http, true);
if (!$can_write) { if (!$can_write) {
return new PhabricatorVCSResponse( return new PhabricatorVCSResponse(
403, 403,