diff --git a/lib/pleroma/web/plugs/ensure_host_matches_plug.ex b/lib/pleroma/web/plugs/ensure_host_matches_plug.ex index 87c4c0531..ab2129f9e 100644 --- a/lib/pleroma/web/plugs/ensure_host_matches_plug.ex +++ b/lib/pleroma/web/plugs/ensure_host_matches_plug.ex @@ -17,7 +17,6 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlug do host_header = get_req_header(conn, "host") host_uri = URI.parse("//#{host_header}") instance_uri = URI.parse(Endpoint.url()) - instance_scheme_port = URI.default_port(instance_uri.scheme) case host_header do [host] -> @@ -26,7 +25,7 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlug do resp(conn, 400, "Host header not provided") |> halt() true -> - if host_matches?(host_uri, instance_uri, instance_scheme_port), + if host_matches?(host_uri, instance_uri), do: assign(conn, :valid_host_header, true), else: resp(conn, 400, "Host header does not match this instance") |> halt() end @@ -52,17 +51,13 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlug do # Host header did not provide port # Host header is scheme-less, URI.parse does not provide default port - defp host_matches?(%URI{host: req_host, port: nil}, %URI{host: instance_host}, _), + defp host_matches?(%URI{host: req_host, port: nil}, %URI{host: instance_host}), do: case_insensitive_compare(req_host, instance_host) - # Host header provided a port, reverse proxy configuration (port cannot match Endpoint port) - # Both port 80 and 443 are valid based on Endpoint configuration - defp host_matches?(%URI{host: req_host, port: port}, %URI{host: instance_host}, port), + # Host header provided a port + # Any port specified in the Endpoint url configuration is valid here + defp host_matches?(%URI{host: req_host, port: port}, %URI{host: instance_host, port: port}), do: case_insensitive_compare(req_host, instance_host) - # Host header provided port, configuration without reverse proxy (port matches Endpoint port) - defp host_matches?(%URI{host: req_host, port: port}, %URI{host: instance_host, port: port}, _), - do: case_insensitive_compare(req_host, instance_host) - - defp host_matches?(_, _, _), do: false + defp host_matches?(_, _), do: false end diff --git a/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs b/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs index 67252e7a7..8ace74dfb 100644 --- a/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs +++ b/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs @@ -8,7 +8,6 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlugTest do alias Pleroma.Web.Endpoint alias Pleroma.Web.Plugs.EnsureHostMatchesPlug - import Mock import Plug.Conn import Tesla.Mock @@ -105,33 +104,7 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlugTest do assert Map.get(conn.assigns, :valid_host_header, nil) end - test "it works for Host header with port as 80", %{conn: conn} do - endpoint = URI.parse(Endpoint.url()) - - conn = - conn - |> set_host("#{endpoint.host}:80") - |> EnsureHostMatchesPlug.call(%{}) - - assert conn.halted == false - assert Map.get(conn.assigns, :valid_host_header, nil) - end - - test "it works for Host header with port as 443", %{conn: conn} do - with_mock Pleroma.Web.Endpoint, url: fn -> "https://localhost:4001" end do - endpoint = URI.parse(Endpoint.url()) - - conn = - conn - |> set_host("#{endpoint.host}:443") - |> EnsureHostMatchesPlug.call(%{}) - - assert conn.halted == false - assert Map.get(conn.assigns, :valid_host_header, nil) - end - end - - test "it works for Host header with port as same as Endpoint (no reverse proxy config)", %{ + test "it works for Host header with port same as Endpoint", %{ conn: conn } do endpoint = URI.parse(Endpoint.url())