Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect fileserver towards https #4859

Merged
merged 1 commit into from
Dec 1, 2022
Merged

Redirect fileserver towards https #4859

merged 1 commit into from
Dec 1, 2022

Conversation

benjamreis
Copy link
Contributor

@benjamreis benjamreis commented Nov 29, 2022
edited
Loading

  • Add location to Http.Request.Hdr
  • Add response_redirect method to http-svr
  • When GET is received by the fileserver and website-https-only is true:
    • if host is filled in the request, redirect towards the same URI but in HTTPS
    • if host is not present, reply with a forbidden as before

Solves: #4856

Signed-off-by: BenjiReis benjamin.reis@vates.fr

benjamreis added a commit to xcp-ng-rpms/xapi that referenced this pull request Nov 29, 2022
@benjamreis
Redirect fileserver towards HTTPS
4f1f971 
xapi-project/xen-api#4859

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
psafont
psafont approved these changes Nov 29, 2022
View reviewed changes
Copy link
Member

@psafont psafont left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good, waiting on Benjamin to post the results of manual testing

@benjamreis benjamreis marked this pull request as draft November 29, 2022 09:28
lindig
lindig approved these changes Nov 29, 2022
View reviewed changes
ocaml/libs/http-svr/http_svr.ml Outdated Show resolved Hide resolved
ocaml/xapi/fileserver.ml Outdated Show resolved Hide resolved
psafont
psafont reviewed Nov 29, 2022
View reviewed changes
ocaml/xapi/fileserver.ml Outdated Show resolved Hide resolved
@benjamreis
Copy link
Contributor Author 

File "ocaml/xapi/fileserver.ml", line 97, characters 46-50:
97 |         let dest = Uri.(make ~scheme:"https" ~host ~path |> to_string) in
                                                   ^^^^
Error: This expression has type Uri.t -> string option
       but an expression was expected of type string

It seems to not take the host from the match above.

@psafont
Copy link
Member

psafont commented Nov 30, 2022
edited
Loading 

File "ocaml/xapi/fileserver.ml", line 97, characters 46-50:
97 |         let dest = Uri.(make ~scheme:"https" ~host ~path |> to_string) in
                                                   ^^^^
Error: This expression has type Uri.t -> string option
       but an expression was expected of type string

It seems to not take the host from the match above.

Because Uri is open, host is actually Uri.host, and path is actually Uri.path. A correct expression is:

let dest = Uri.make ~scheme:"https" ~host ~path () |> Uri.to_string

@benjamreis
Copy link
Contributor Author 

File "ocaml/xapi/fileserver.ml", line 97, characters 19-55:
97 |         let dest = Uri.make ~scheme:"https" ~host ~path |> Uri.to_string in
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Warning 5 [ignored-partial-application]: this function application is partial,
maybe some arguments are missing.
File "ocaml/xapi/fileserver.ml", line 97, characters [19](https://github.com/xapi-project/xen-api/actions/runs/3581868804/jobs/6025428280#step:11:20)-55:
97 |         let dest = Uri.make ~scheme:"https" ~host ~path |> Uri.to_string in
                        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Should I add a ignore around it?
Since other args are optionnal this shoulddn't be a problem right?

@lindig
Copy link
Contributor

lindig commented Nov 30, 2022

You need a unit () argument:

 utop # Uri.make;;
- : ?scheme:string ->
    ?userinfo:string ->
    ?host:string ->
    ?port:int ->
    ?path:string ->
    ?query:(string * string list) list -> ?fragment:string -> unit -> Uri.t

@benjamreis
Copy link
Contributor Author

Thanks, it seems I need a bit more coffee this morning ^^'

@lindig
Copy link
Contributor

lindig commented Nov 30, 2022

"A function taking some optional arguments must also take at least one non-optional argument."

@benjamreis benjamreis marked this pull request as ready for review November 30, 2022 12:45
@benjamreis
Copy link
Contributor Author

Okay so testing was successful :) This is good to go for us!

@benjamreis
Redirect fileserver towards https
df511a3 
- Add `location` to `Http.Request.Hdr`
- Add `response_redirect` method to `http-svr`
- When `GET` is received by the fileserver and `website-https-only` is true:
    - if `host` is filled in the request, redirect towards the same URI but in HTTPS
    - if `host` is not present, reply with a forbidden as before

Solves xapi-project#4856

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
@psafont psafont merged commit c7eea2c into xapi-project:master Dec 1, 2022
@psafont psafont deleted the redirect_fileserver_https branch December 1, 2022 13:16
benjamreis added a commit to xcp-ng-rpms/xapi that referenced this pull request Dec 1, 2022
@benjamreis
Redirect fileserver towards https
83445db 
xapi-project/xen-api#4859

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
benjamreis added a commit to xcp-ng-rpms/xapi that referenced this pull request Dec 1, 2022
@benjamreis
Redirect fileserver towards HTTPS
17cbc3e 
xapi-project/xen-api#4859

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
@benjamreis benjamreis mentioned this pull request Dec 1, 2022
Merged
benjamreis added a commit to xcp-ng-rpms/ocaml-xen-api-libs-transitional that referenced this pull request Dec 2, 2022
@benjamreis
Redirect fileserver towards HTTPS
2415d73 
Partial backport of xapi-project/xen-api#4859
Other part is in xcp-ng-rpms/xapi#35

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
benjamreis added a commit to xcp-ng-rpms/xapi that referenced this pull request Dec 2, 2022
@benjamreis
Redirect fileserver towards https
d5a8d5a 
Partial backport of xapi-project/xen-api#4859
Other part in xcp-ng-rpms/ocaml-xen-api-libs-transitional#4

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
stormi pushed a commit to xcp-ng-rpms/xapi that referenced this pull request Dec 5, 2022
@benjamreis
Redirect fileserver towards HTTPS (#35)
a99d9ca 
xapi-project/xen-api#4859

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
stormi pushed a commit to xcp-ng-rpms/ocaml-xen-api-libs-transitional that referenced this pull request Dec 5, 2022
@benjamreis
Redirect fileserver towards HTTPS (#4)
3582c72 
Partial backport of xapi-project/xen-api#4859
Other part is in xcp-ng-rpms/xapi#35

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
stormi pushed a commit to xcp-ng-rpms/xapi that referenced this pull request Dec 5, 2022
@benjamreis
Redirect fileserver towards https (#36)
a5ed207 
Partial backport of xapi-project/xen-api#4859
Other part in xcp-ng-rpms/ocaml-xen-api-libs-transitional#4

Signed-off-by: BenjiReis <benjamin.reis@vates.fr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@psafont psafont psafont approved these changes

@lindig lindig lindig approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@benjamreis @psafont @lindig