77222991c2d7a215751e3b8300777d75ee7b318d — Rob Prentiss 17 days ago 6cd557e
Check for X-Forwarded-Proto in getRootURL

Currently, 'getRootURL' is configured to only use 'https' for the proto
when the request is using TLS. This is not actually achievable when
using a reverse proxy for TLS termination, so the root URL never has
'https' for the proto.

This commit adds a checks for a protocol hint in the 'X-Forwarded-Proto'
proxy header. If that header is found, the value will be used for the
1 files changed, 6 insertions(+), 2 deletions(-)

M internal/server/http.go
M internal/server/http.go => internal/server/http.go +6 -2
@@ 300,10 300,14 @@ func (s *Server) serveAbout(resp http.ResponseWriter, req *http.Request) error {

func getRootURL(req *http.Request) string {
	host := req.Host
	proto := "http"
	if req.TLS != nil {
		return fmt.Sprintf("https://%s", strings.TrimSuffix(req.Host, ":443"))
		proto = "https"
	} else if forwardedProto := req.Header.Get("X-Forwarded-Proto"); forwardedProto != "" {
		proto = forwardedProto
	return fmt.Sprintf("http://%s", strings.TrimSuffix(req.Host, ":80"))
	return fmt.Sprintf("%s://%s", proto, host)

func (s *Server) serveOpenSearch(resp http.ResponseWriter, req *http.Request) error {