New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HSTS redirects to wrong url on non standard port #42
Comments
Mmm... what would you expect? |
As cherokee is waiting for a http connection on this port and the browser is waiting for a tls connection, the user is sent to nowhere. It would be correct to send him to https://webserver.com/ or to be able to specify the port, where he should be sent to. The http port is wrong in all cases. |
My guestimate is that https is just 'replaced' before it, and the fact that a port specified is ignored. But imagine the following usecase: what if cherokee would send the user to the first TLS port available from the bindings list?
I see a lot of non-trivial issues that could potentially arrise and must be documented. And I suggestion for a default behavior with multiple bindings is appreciated :-) |
A redirection ignoring the port would be better in any case as cherokee could not listen to one port as tls and as regular port. So this will always fail. :-) http://webserver.com/ => https://webserver.com/ I think, the easiest solution would be, if you add a field for a redirection, where you can add a full url including the port and if no url is given, the user should be redirected to https without any port. |
Could you validate for us that the following commit implements the desired behavior for now? |
As far as I can say (from my c knowledge), it looks good – but I could not validate all use cases in my environment. You would have to wait till monday for that. 👍 |
I am happy to wait till monday :) |
Sorry, I just forgot to tell you, that it seems to work as expected. 👍 |
Lets close this one, I guess we could figure out some more advanced scheme later. |
I am about to commit a patch which actually could would solve the HTTPS on non-standard ports. It seemed we had the code already for more than two years. |
Hi again,
I run a webserver, where http runs on port 2080 and the user is redirected with ip tables to 127.0.0.1:80, because there are multiple services on port 80. When I turn on HSTS the user is redirected to https://webserver.com:2080/.
I think, this is not intended.
Regards Oliver
The text was updated successfully, but these errors were encountered: