Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Disable RejectInsecureRequest middleware on unix sockets #1259



None yet
2 participants
Copy link

commented Jan 16, 2019

Proposed changes

RejectInsecureRequests handler fails for requests via socket because the remote address is @.
We should not reject insecure requests coming in via unix socket as there is no TLS support anyways.

{"error":"address @: missing port in address","level":"warning","msg":"Could not serve http connection","time":"2019-01-16T08:39:17Z"}
{"code":502,"details":{},"error":"Can not serve request over insecure http","level":"error","msg":"An error occurred while handling a request","reason":"","request-id":"","status":"","time":"2019-01-16T08:39:17Z", "trace":"
Stack trace:*Handler).RejectInsecureRequests


  • I have read the contributing guidelines
  • I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security
    vulnerability, I confirm that I got green light (please contact from the maintainers to push the changes.
  • I signed the Developer's Certificate of Origin
    by signing my commit(s). You can amend your signature to the most recent commit by using git commit --amend -s. If you
    amend the commit, you might need to force push using git push --force HEAD:<branch>. Please be very careful when using
    force push.
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation within the code base (if appropriate)
  • I have documented my changes in the developer guide (if appropriate)
Disable RejectInsecureRequest middleware on unix sockets
We should not reject insecure requests coming in via unix socket as
there is no TLS support anyways.

Signed-off-by: Janis Meybohm <>

This comment has been minimized.

Copy link

commented Jan 17, 2019

Thank you!

@aeneasr aeneasr merged commit af125b3 into ory:master Jan 17, 2019

2 of 3 checks passed

ci/circleci: test Your tests failed on CircleCI
ci/circleci: format Your tests passed on CircleCI!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.