Make sure we rewrite the request scheme

2026-02-22 14:44:23 +01:00 · 2019-02-27 18:52:11 +09:00
parent 5f15976c02
commit 2317e3d50c
2 changed files with 54 additions and 1 deletions
--- a/BTCPayServer/BTCPayServer.csproj
+++ b/BTCPayServer/BTCPayServer.csproj
@@ -2,7 +2,7 @@
  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>netcoreapp2.1</TargetFramework>
-		<Version>1.0.3.66</Version>
+		<Version>1.0.3.67</Version>
    <NoWarn>NU1701,CA1816,CA1308,CA1810,CA2208</NoWarn>
  </PropertyGroup>
  <PropertyGroup>
--- a/BTCPayServer/Hosting/BTCpayMiddleware.cs
+++ b/BTCPayServer/Hosting/BTCpayMiddleware.cs
@@ -32,6 +32,8 @@ namespace BTCPayServer.Hosting

        public async Task Invoke(HttpContext httpContext)
        {
+            RewriteHostIfNeeded(httpContext);
+
            try
            {
                var bitpayAuth = GetBitpayAuth(httpContext, out bool isBitpayAuth);
@@ -123,6 +125,57 @@ namespace BTCPayServer.Hosting
            return false;
        }

+        private void RewriteHostIfNeeded(HttpContext httpContext)
+        {
+            string reverseProxyScheme = null;
+            if (httpContext.Request.Headers.TryGetValue("X-Forwarded-Proto", out StringValues proto))
+            {
+                var scheme = proto.SingleOrDefault();
+                if (scheme != null)
+                {
+                    reverseProxyScheme = scheme;
+                }
+            }
+
+            ushort? reverseProxyPort = null;
+            if (httpContext.Request.Headers.TryGetValue("X-Forwarded-Port", out StringValues port))
+            {
+                var portString = port.SingleOrDefault();
+                if (portString != null && ushort.TryParse(portString, out ushort pp))
+                {
+                    reverseProxyPort = pp;
+                }
+            }
+
+            // NGINX pass X-Forwarded-Proto and X-Forwarded-Port, so let's use that to have better guess of the real domain
+
+            ushort? p = null;
+            if (reverseProxyScheme != null)
+            {
+                httpContext.Request.Scheme = reverseProxyScheme;
+                if (reverseProxyScheme == "http")
+                    p = 80;
+                if (reverseProxyScheme == "https")
+                    p = 443;
+            }
+
+            if (reverseProxyPort != null)
+            {
+                p = reverseProxyPort.Value;
+            }
+
+            if (p.HasValue)
+            {
+                bool isDefault = httpContext.Request.Scheme == "http" && p.Value == 80;
+                isDefault |= httpContext.Request.Scheme == "https" && p.Value == 443;
+                if (isDefault)
+                    httpContext.Request.Host = new HostString(httpContext.Request.Host.Host);
+                else
+                    httpContext.Request.Host = new HostString(httpContext.Request.Host.Host, p.Value);
+            }
+
+        }
+
        private static async Task HandleBitpayHttpException(HttpContext httpContext, BitpayHttpException ex)
        {
            httpContext.Response.StatusCode = ex.StatusCode;