From e664d0918b2ea004a2498cb67a6e0b4b3b3666f3 Mon Sep 17 00:00:00 2001 From: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> Date: Tue, 2 Apr 2024 13:28:36 +0100 Subject: [PATCH] [bugfix] Set the `Host` header within the signing transport (#2799) --- internal/httpclient/sign.go | 3 +++ internal/processing/admin/debug_apurl.go | 1 - internal/transport/deliver.go | 1 - internal/transport/dereference.go | 1 - internal/transport/derefinstance.go | 3 --- internal/transport/derefmedia.go | 1 - internal/transport/finger.go | 2 -- 7 files changed, 3 insertions(+), 9 deletions(-) diff --git a/internal/httpclient/sign.go b/internal/httpclient/sign.go index 8e66d1bda..6b561c45a 100644 --- a/internal/httpclient/sign.go +++ b/internal/httpclient/sign.go @@ -37,6 +37,9 @@ type signingtransport struct { } func (t *signingtransport) RoundTrip(r *http.Request) (*http.Response, error) { + // Ensure updated host always set. + r.Header.Set("Host", r.URL.Host) + if sign := gtscontext.HTTPClientSignFunc(r.Context()); sign != nil { // Reset signing header fields now := time.Now().UTC() diff --git a/internal/processing/admin/debug_apurl.go b/internal/processing/admin/debug_apurl.go index d308ff7eb..db3c60d0c 100644 --- a/internal/processing/admin/debug_apurl.go +++ b/internal/processing/admin/debug_apurl.go @@ -97,7 +97,6 @@ func (p *Processor) DebugAPUrl( req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON)) req.Header.Add("Accept-Charset", "utf-8") - req.Header.Set("Host", url.Host) // Perform the HTTP request, // and return everything. diff --git a/internal/transport/deliver.go b/internal/transport/deliver.go index 71b065719..fe4d04582 100644 --- a/internal/transport/deliver.go +++ b/internal/transport/deliver.go @@ -120,7 +120,6 @@ func (t *transport) deliver(ctx context.Context, b []byte, to *url.URL) error { req.Header.Add("Content-Type", string(apiutil.AppActivityLDJSON)) req.Header.Add("Accept-Charset", "utf-8") - req.Header.Set("Host", to.Host) rsp, err := t.POST(req, b) if err != nil { diff --git a/internal/transport/dereference.go b/internal/transport/dereference.go index efd3f0fbf..952791f70 100644 --- a/internal/transport/dereference.go +++ b/internal/transport/dereference.go @@ -54,7 +54,6 @@ func (t *transport) Dereference(ctx context.Context, iri *url.URL) (*http.Respon req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON)) req.Header.Add("Accept-Charset", "utf-8") - req.Header.Set("Host", iri.Host) // Perform the HTTP request rsp, err := t.GET(req) diff --git a/internal/transport/derefinstance.go b/internal/transport/derefinstance.go index 439c5ae23..bbeb51000 100644 --- a/internal/transport/derefinstance.go +++ b/internal/transport/derefinstance.go @@ -93,7 +93,6 @@ func dereferenceByAPIV1Instance(ctx context.Context, t *transport, iri *url.URL) } req.Header.Add("Accept", string(apiutil.AppJSON)) - req.Header.Set("Host", cleanIRI.Host) resp, err := t.GET(req) if err != nil { @@ -250,7 +249,6 @@ func callNodeInfoWellKnown(ctx context.Context, t *transport, iri *url.URL) (*ur return nil, err } req.Header.Add("Accept", string(apiutil.AppJSON)) - req.Header.Set("Host", cleanIRI.Host) resp, err := t.GET(req) if err != nil { @@ -308,7 +306,6 @@ func callNodeInfo(ctx context.Context, t *transport, iri *url.URL) (*apimodel.No return nil, err } req.Header.Add("Accept", string(apiutil.AppJSON)) - req.Header.Set("Host", iri.Host) resp, err := t.GET(req) if err != nil { diff --git a/internal/transport/derefmedia.go b/internal/transport/derefmedia.go index 76dfd37ea..265a9e77e 100644 --- a/internal/transport/derefmedia.go +++ b/internal/transport/derefmedia.go @@ -36,7 +36,6 @@ func (t *transport) DereferenceMedia(ctx context.Context, iri *url.URL) (io.Read return nil, 0, err } req.Header.Add("Accept", "*/*") // we don't know what kind of media we're going to get here - req.Header.Set("Host", iri.Host) // Perform the HTTP request rsp, err := t.GET(req) diff --git a/internal/transport/finger.go b/internal/transport/finger.go index 9bcb0fa7e..12563874c 100644 --- a/internal/transport/finger.go +++ b/internal/transport/finger.go @@ -68,7 +68,6 @@ func prepWebfingerReq(ctx context.Context, loc, domain, username string) (*http. // including Gin itself. So concat the accept header with a comma // instead which seems to work reliably req.Header.Add("Accept", string(apiutil.AppJRDJSON)+","+string(apiutil.AppJSON)) - req.Header.Set("Host", req.URL.Host) return req, nil } @@ -187,7 +186,6 @@ func (t *transport) webfingerFromHostMeta(ctx context.Context, targetDomain stri // We're doing XML req.Header.Add("Accept", string(apiutil.AppXML)) req.Header.Add("Accept", "application/xrd+xml") - req.Header.Set("Host", req.URL.Host) // Perform the HTTP request rsp, err := t.GET(req)