EnsureHostMatchesPlug: Remove match against default scheme port

Checking against the default port of the Endpoint URL scheme is
redundant: normal instances will have the combination https/443
by default, as created by pleroma.instance gen; Tor-only instances should
have the combination http/80, and local testing instances http/XXXX.

The default scheme port doesn't add anything useful in these configs.
Phantasm 2026-05-12 23:31:55 +02:00
commit 6f415cf3fc
No known key found for this signature in database
GPG key ID: 2669E588BCC634C8
2 changed files with 7 additions and 39 deletions


@ -17,7 +17,6 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlug do
host_header = get_req_header(conn, "host")
host_uri = URI.parse("//#{host_header}")
instance_uri = URI.parse(Endpoint.url())
instance_scheme_port = URI.default_port(instance_uri.scheme)
case host_header do
[host] ->
@ -26,7 +25,7 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlug do
resp(conn, 400, "Host header not provided") |> halt()
true ->
if host_matches?(host_uri, instance_uri, instance_scheme_port),
if host_matches?(host_uri, instance_uri),
do: assign(conn, :valid_host_header, true),
else: resp(conn, 400, "Host header does not match this instance") |> halt()
end
@ -52,17 +51,13 @@ defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlug do
# Host header did not provide port
# Host header is scheme-less, URI.parse does not provide default port
defp host_matches?(%URI{host: req_host, port: nil}, %URI{host: instance_host}, _),
defp host_matches?(%URI{host: req_host, port: nil}, %URI{host: instance_host}),
do: case_insensitive_compare(req_host, instance_host)
# Host header provided a port, reverse proxy configuration (port cannot match Endpoint port)
# Both port 80 and 443 are valid based on Endpoint configuration
defp host_matches?(%URI{host: req_host, port: port}, %URI{host: instance_host}, port),
# Host header provided a port
# Any port specified in the Endpoint url configuration is valid here
defp host_matches?(%URI{host: req_host, port: port}, %URI{host: instance_host, port: port}),
do: case_insensitive_compare(req_host, instance_host)
# Host header provided port, configuration without reverse proxy (port matches Endpoint port)
defp host_matches?(%URI{host: req_host, port: port}, %URI{host: instance_host, port: port}, _),
do: case_insensitive_compare(req_host, instance_host)
defp host_matches?(_, _, _), do: false
defp host_matches?(_, _), do: false
end
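Review bot: The comment on the second `host_matches?/2` clause ("Any port specified in the Endpoint url configuration is valid here") reads broader than what the clause does: the repeated `port` binding accepts only the one port that `URI.parse(Endpoint.url())` yields, which is the scheme default when the URL does not spell a port out. Since this clause decides whether the request is assigned `:valid_host_header` or answered with a 400, I would word it exactly, e.g. `# Host header provided a port: it must equal the Endpoint URL port (URI.parse fills in the scheme default when the URL omits it)`. The comment above the first clause could likewise say that a port-less Host is accepted whatever port the Endpoint URL carries, as that is still the behaviour after this change. It may also deserve a changelog line, because an instance whose Endpoint URL has a non-default port no longer accepts a Host header carrying the scheme's default port as the removed clause did, so a deployment relying on that would start returning 400. The plug's `call` body in the first two hunks starts and ends outside the visible lines, so the branches before the `true ->` arm were not reviewed.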