diff options
| author | Francis Lavoie <lavofr@gmail.com> | 2022-06-22 15:01:57 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-22 15:01:57 -0400 |
| commit | 25f10511e7ef80c10493519499c479f6ffa49a0f (patch) | |
| tree | 3782d1a974fa433250db2b413dd812b9329fcd08 /modules/caddyhttp/reverseproxy | |
| parent | b6e96fa3c5fcb7601142b8ad569793a1b9c2c5eb (diff) | |
reverseproxy: Fix panic when TLS is not configured (#4848)
* reverseproxy: Fix panic when TLS is not configured
* Refactor and simplify setScheme
Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'modules/caddyhttp/reverseproxy')
| -rw-r--r-- | modules/caddyhttp/reverseproxy/httptransport.go | 39 |
1 files changed, 23 insertions, 16 deletions
diff --git a/modules/caddyhttp/reverseproxy/httptransport.go b/modules/caddyhttp/reverseproxy/httptransport.go index 1fac420..94a0938 100644 --- a/modules/caddyhttp/reverseproxy/httptransport.go +++ b/modules/caddyhttp/reverseproxy/httptransport.go @@ -281,7 +281,7 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { repl := req.Context().Value(caddy.ReplacerCtxKey).(*caddy.Replacer) transport := h.replaceTLSServername(repl) - transport.SetScheme(req) + transport.setScheme(req) // if H2C ("HTTP/2 over cleartext") is enabled and the upstream request is // HTTP without TLS, use the alternate H2C-capable transport instead @@ -292,27 +292,34 @@ func (h *HTTPTransport) RoundTrip(req *http.Request) (*http.Response, error) { return transport.Transport.RoundTrip(req) } -// SetScheme ensures that the outbound request req +// setScheme ensures that the outbound request req // has the scheme set in its URL; the underlying // http.Transport requires a scheme to be set. -func (h *HTTPTransport) SetScheme(req *http.Request) { - skipTLSport := false - if h.TLS.ExceptPorts != nil { - port := req.URL.Port() - for i := range h.TLS.ExceptPorts { - if h.TLS.ExceptPorts[i] == port { - skipTLSport = true - break - } - } +func (h *HTTPTransport) setScheme(req *http.Request) { + if req.URL.Scheme != "" { + return } - - if req.URL.Scheme == "" { + if h.shouldUseTLS(req) { + req.URL.Scheme = "https" + } else { req.URL.Scheme = "http" - if h.TLS != nil && !skipTLSport { - req.URL.Scheme = "https" + } +} + +// shouldUseTLS returns true if TLS should be used for req. +func (h *HTTPTransport) shouldUseTLS(req *http.Request) bool { + if h.TLS == nil { + return false + } + + port := req.URL.Port() + for i := range h.TLS.ExceptPorts { + if h.TLS.ExceptPorts[i] == port { + return false } } + + return true } // TLSEnabled returns true if TLS is enabled. |