search

tus / tusd

Reference server implementation in Go of tus: the open protocol for resumable file uploads
https://tus.github.io/tusd
MIT License
2.93k stars 465 forks source link

Tus returning http in initial response causing redirect to https to strip authorization headers #1086

Closed Nealsoni00 closed 3 months ago

Nealsoni00 commented 4 months ago

Describe the bug Initial request returning HTTP URL when initially made with HTTPS:

Request 1

Subsequent request using HTTP first, then redirecting to HTTPS without authorization header:

Request 2

As a result of the HTTP return, the client is redirecting the request to be HTTPS which is stripping the authorization header from the request, resulting in the server returning an unauthorized request.

Expected behavior The initial response would return https not HTTP.

I assume these lines have something to do with it: https://github.com/tus/tusd/blob/62965e768dc16aa56af36487f897bf2d764a8a91/pkg/handler/unrouted_handler.go#L1244-L1248

But i know the initial request is made using HTTPS. Please advise :)

Setup details Please provide following details, if applicable to your situation:

Acconut commented 4 months ago

This usually happens when a proxy is used and tusd and the proxy are not configured properly. Please read https://github.com/tus/tusd/blob/main/docs/faq.md#can-i-run-tusd-behind-a-reverse-proxy

muthu3107 commented 3 months ago

@Nealsoni00 I recently encountered the same error, and configuring the Absolute URL in the Tusd config during initialization resolved the issue for me.

Sample conf:

tusd.NewUnroutedHandler(tusd.Config{
        BasePath:                   "https://youactualpublicdomain/uploadserver/tusops",
        StoreComposer:              composer,
        NotifyCompleteUploads:   true,
        PreUploadCreateCallback: c.PreUploadCreateCallback,
    })

P.s., The HTTPS redirection is likely due to proxy security configurations. Any HTTP request is automatically redirected to HTTPS. In our case, we had an Apache reverse proxy where our server administrator had configured a Rewrite Rule to enforce this redirection.

Acconut commented 3 months ago

If a proxy is used, the proxy and tusd must always be configured according to https://tus.github.io/tusd/getting-started/configuration/#proxies. If not, you will see such errors. @muthu3107 I don't see a RespectForwardedHeaders field in your config. This is likely the cause for your issues. If the problems persist, please open a new issue.