From c2327161f725c820826587381f37d651a2b9736d Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Sat, 19 Mar 2022 22:51:32 -0600
Subject: cmd: Set Origin header properly on API requests

Ref. https://caddy.community/t/bug-in-enforce-origin/15417
---
 cmd/commandfuncs.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'cmd')

diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go
index d308aeb..3323740 100644
--- a/cmd/commandfuncs.go
+++ b/cmd/commandfuncs.go
@@ -650,13 +650,13 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io
 	if err != nil || parsedAddr.PortRangeSize() > 1 {
 		return nil, fmt.Errorf("invalid admin address %s: %v", adminAddr, err)
 	}
-	origin := parsedAddr.JoinHostPort(0)
+	origin := "http://" + parsedAddr.JoinHostPort(0)
 	if parsedAddr.IsUnixNetwork() {
 		origin = "unixsocket" // hack so that http.NewRequest() is happy
 	}
 
 	// form the request
-	req, err := http.NewRequest(method, "http://"+origin+uri, body)
+	req, err := http.NewRequest(method, origin+uri, body)
 	if err != nil {
 		return nil, fmt.Errorf("making request: %v", err)
 	}
-- 
cgit v1.2.3