fix: return descriptive error for relative URLs without Referer header#137
Merged
mms-gianni merged 3 commits intoMay 14, 2026
Conversation
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 4 to 6. - [Release notes](https://github.com/docker/metadata-action/releases) - [Commits](docker/metadata-action@v4...v6) --- updated-dependencies: - dependency-name: docker/metadata-action dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…ions/dot-github/workflows/docker/metadata-action-6 Bump docker/metadata-action from 4 to 6 in /.github/workflows
When a relative URL is requested without a Referer header, the Go HTTP client would return a confusing 'http: no Host in request URL' error. Now a descriptive error is returned explaining the root cause and how to fix it. Similarly, if a referer header lacks a scheme/host (e.g. a relative path), a clear error is returned instead of silently producing an empty host URL. Fixes everywall#75
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
When a relative URL path is requested without a
Refererheader (e.g. issue #75 where a Cloudflare challenge redirect produces/cdn-cgi/challenge-platform/...), the Go HTTP client returns a confusinghttp: no Host in request URLerror with no context.This fix adds two explicit validation checks in
extractUrl:This directly addresses the root cause of issue #75, where the error
http: no Host in request URLmasked that the real problem was the missing Referer header needed to resolve the relative CDN challenge path.Changes
handlers/proxy.go—extractUrl()refererUrl.Scheme/Hostdirectly (was incorrectly usingrealUrlfrom a path-stripped parse of referer)handlers/proxy.test.goTestProxySiteRelativeUrlWithoutReferer— asserts 500 + body contains "Referer" hint when no Referer is providedTestProxySiteRelativeUrlWithRefererMissingHost— asserts 500 + helpful error when Referer is a relative pathVerification
Go is not installed in this environment. Logic was verified via manual code review and diff inspection. Tests require
go test ./handlers/...to be run by the maintainer or CI.Fixes #75