Page MenuHomePhabricator

D12724.id42224.diff
No OneTemporary

D12724.id42224.diff

diff --git a/keyserver/src/session/cookies.js b/keyserver/src/session/cookies.js
--- a/keyserver/src/session/cookies.js
+++ b/keyserver/src/session/cookies.js
@@ -336,7 +336,7 @@
let ipAddress;
if (proxy === 'none') {
ipAddress = req.socket.remoteAddress;
- } else if (proxy === 'apache') {
+ } else if (proxy === 'apache' || proxy === 'aws') {
ipAddress = req.get('X-Forwarded-For');
}
invariant(ipAddress, 'could not determine requesting IP address');
diff --git a/keyserver/src/utils/security-utils.js b/keyserver/src/utils/security-utils.js
--- a/keyserver/src/utils/security-utils.js
+++ b/keyserver/src/utils/security-utils.js
@@ -6,12 +6,14 @@
function assertSecureRequest(req: $Request) {
const { https, proxy } = getAppURLFactsFromRequestURL(req.originalUrl);
+
if (!https) {
return;
}
if (
(proxy === 'none' && req.protocol !== 'https') ||
- (proxy === 'apache' && req.get('X-Forwarded-SSL') !== 'on')
+ (proxy === 'apache' && req.get('X-Forwarded-SSL') !== 'on') ||
+ (proxy === 'aws' && req.get('X-Forwarded-Proto') !== 'https')
) {
throw new Error('insecure request');
}
diff --git a/keyserver/src/utils/urls.js b/keyserver/src/utils/urls.js
--- a/keyserver/src/utils/urls.js
+++ b/keyserver/src/utils/urls.js
@@ -10,9 +10,9 @@
+basePath: string,
+https: boolean,
+baseRoutePath: string,
- +proxy?: 'apache' | 'none', // defaults to apache
+ +proxy?: 'apache' | 'none' | 'aws', // defaults to apache
};
-const validProxies = new Set(['apache', 'none']);
+const validProxies = new Set(['apache', 'none', 'aws']);
const sitesObj = Object.freeze({
a: 'landing',
b: 'webapp',
diff --git a/services/terraform/self-host/keyserver_primary.tf b/services/terraform/self-host/keyserver_primary.tf
--- a/services/terraform/self-host/keyserver_primary.tf
+++ b/services/terraform/self-host/keyserver_primary.tf
@@ -93,8 +93,8 @@
"baseDomain" : "https://${var.domain_name}",
"basePath" : "/",
"baseRoutePath" : "/",
- "https" : false,
- "proxy" : "none"
+ "https" : true,
+ "proxy" : "aws"
})
},
{
diff --git a/services/terraform/self-host/keyserver_secondary.tf b/services/terraform/self-host/keyserver_secondary.tf
--- a/services/terraform/self-host/keyserver_secondary.tf
+++ b/services/terraform/self-host/keyserver_secondary.tf
@@ -81,8 +81,8 @@
"baseDomain" : "https://${var.domain_name}",
"basePath" : "/",
"baseRoutePath" : "/",
- "https" : false,
- "proxy" : "none"
+ "https" : true,
+ "proxy" : "aws"
})
},
{

File Metadata

Mime Type
text/plain
Expires
Wed, Dec 25, 2:21 AM (3 h, 39 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2701385
Default Alt Text
D12724.id42224.diff (2 KB)

Event Timeline