add some resilience when both Forwarded and X-Forwarded-* are configured

Signed-off-by: Hans Zandbelt <[email protected]>
OpenIDC · Aug 28, 2024 · 918bcd6 · 918bcd6
1 parent 7b796ca
commit 918bcd6
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,7 @@
 08/28/2024
 - re-introduce OIDCSessionMaxDuration 0; see #1252
 - bump to 2.4.16.2dev
+- add some resilience when both Forwarded and X-Forwarded-* are configured
 
 08/26/2024
 - fix parsing OIDCXForwardedHeaders; closes #1250; thanks @maltesmann

diff --git a/src/util.c b/src/util.c
@@ -653,7 +653,7 @@ static const char *oidc_util_current_url_scheme(const request_rec *r, oidc_hdr_x
 
 	if (x_forwarded_headers & OIDC_HDR_FORWARDED)
 		scheme_str = oidc_http_hdr_forwarded_get(r, "proto");
-	else if (x_forwarded_headers & OIDC_HDR_X_FORWARDED_PROTO)
+	if ((scheme_str == NULL) && (x_forwarded_headers & OIDC_HDR_X_FORWARDED_PROTO))
 		scheme_str = oidc_http_hdr_in_x_forwarded_proto_get(r);
 
 	/* if not we'll determine the scheme used to connect to this server */
@@ -722,7 +722,7 @@ static const char *oidc_get_current_url_port(const request_rec *r, const char *s
 
 	if (x_forwarded_headers & OIDC_HDR_FORWARDED)
 		host_hdr = oidc_http_hdr_forwarded_get(r, "host");
-	else if (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST)
+	if ((host_hdr == NULL) && (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST))
 		host_hdr = oidc_http_hdr_in_x_forwarded_host_get(r);
 
 	if (host_hdr) {
@@ -782,7 +782,7 @@ const char *oidc_util_current_url_host(request_rec *r, oidc_hdr_x_forwarded_t x_
 
 	if (x_forwarded_headers & OIDC_HDR_FORWARDED)
 		host_str = oidc_http_hdr_forwarded_get(r, "host");
-	else if (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST)
+	if ((host_str == NULL) && (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST))
 		host_str = oidc_http_hdr_in_x_forwarded_host_get(r);
 
 	if (host_str == NULL)