mirror/xiaomi-dafang-hacks
1
0
Fork 0
mirror of https://github.com/EliasKotlyar/Xiaomi-Dafang-Hacks.git synced 2025-09-03 05:02:40 +02:00
Code Issues Releases Wiki Activity

Prevent HTTPS redirects for 127.0.0.1 (#1846)

Browse Source 
This is helpful for when a host is connected over an ssh tunnel, and sends "localhost" for the HOST header.
If it is an ssh tunnel, it is already secured. And browsers have trouble with redirects to https://localhost
This commit is contained in:
unqueued
2023-05-23 15:43:50 -04:00
committed by GitHub
parent 6e1729539a
commit 7fc144b8ea
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
firmware_mod/config/lighttpd.conf.dist
View File

@@ -52,10 +52,13 @@ $HTTP["url"] !~ "^/.well-known/(.*)" {
#SSL is enabled by default #SSL is enabled by default
#If disabling SSL you must clear your site cookie #If disabling SSL you must clear your site cookie
$HTTP["scheme"] == "http" { $HTTP["scheme"] == "http" {
# capture vhost name with regex conditiona -> %0 in redirect pattern # Do not apply rule to 127.0.0.1, for ssh tunnels
# must be the most inner block to the redirect rule $HTTP["remote-ip"] != "127.0.0.1" {
$HTTP["host"] =~ ".*" { # capture vhost name with regex conditiona -> %0 in redirect pattern
url.redirect = (".*" => "https://%0$0") # must be the most inner block to the redirect rule
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://%0$0")
}
} }
} }
} }