Open dli7319 opened 1 year ago
dli7319
commented
1 year ago Quick fix in cps/reverseproxy.py
servr = environ.get('HTTP_X_FORWARDED_HOST', '').replace(', ', ',').split(',')
if servr and sevr[0]:
environ['HTTP_HOST'] = servr[0]
self.proxied = True
robertmx
commented
1 year ago I got the exact same problem with using the suggested docker image linuxserver/calibre-web behind an apache reverse proxy. It seems, that the docker image picks up the x-forwarded-for header and breaks the redirect. So the problem in #1444 just got a lot more common, when using the docker image with an external proxy.
robertmx
commented
1 year ago NB: The fix here as mentioned in #1444 is to unset the x-forwarded-for header or apply the patch above by @dli7319 .
Describe the bug/problem When using multiple reverse proxies, the host names are entered into the X-Forwarded-Host header. Since this is read as a string, we get 302 redirects with comma-separated locations. This is a duplicate of #1444 which I don't believe was fixed.
In my use case, I have calibre-web behind ingress-nginx and buzzfeed/sso.
To Reproduce Launch calibre-web behind multiple reverse proxies which both append to X-Fowarded-Host
Logfile
Expected behavior After login or logout, I should get redirected to the proper webpage. Instead I get redirected to https://calibre.davidl.me%2Ccalibre.davidl.me.
Screenshots
Environment (please complete the following information):
Additional context In the #1444, it is mentioned that the reverse proxy code is copied from flask documentation. Presumably this is
cps/reverseproxy.py. However, the current documentation suggests using some middleware which seemingly does parse X-Forwarded-Host properly.