[bugfix] Set the `Host` header within the signing transport (#2799)

author: kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com> 2024-04-02 13:28:36 +0100
committer: GitHub <noreply@github.com> 2024-04-02 14:28:36 +0200
commit: e664d0918b2ea004a2498cb67a6e0b4b3b3666f3 (patch)
tree: 39b85b1a9ad67ac3ac6bae348e43e01de46993ed /internal
parent: [bugfix] httpclient not signing subsequent redirect requests (#2798) (diff)
download: gotosocial-e664d0918b2ea004a2498cb67a6e0b4b3b3666f3.tar.xz
7 files changed, 3 insertions, 9 deletions
diff --git a/internal/httpclient/sign.go b/internal/httpclient/sign.go
index 8e66d1bda..6b561c45a 100644
--- a/internal/httpclient/sign.go
+++ b/internal/httpclient/sign.go
@@ -37,6 +37,9 @@ type signingtransport struct {
 }
 
 func (t *signingtransport) RoundTrip(r *http.Request) (*http.Response, error) {
+	// Ensure updated host always set.
+	r.Header.Set("Host", r.URL.Host)
+
 	if sign := gtscontext.HTTPClientSignFunc(r.Context()); sign != nil {
 		// Reset signing header fields
 		now := time.Now().UTC()
diff --git a/internal/processing/admin/debug_apurl.go b/internal/processing/admin/debug_apurl.go
index d308ff7eb..db3c60d0c 100644
--- a/internal/processing/admin/debug_apurl.go
+++ b/internal/processing/admin/debug_apurl.go
@@ -97,7 +97,6 @@ func (p *Processor) DebugAPUrl(
 
 	req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON))
 	req.Header.Add("Accept-Charset", "utf-8")
-	req.Header.Set("Host", url.Host)
 
 	// Perform the HTTP request,
 	// and return everything.
diff --git a/internal/transport/deliver.go b/internal/transport/deliver.go
index 71b065719..fe4d04582 100644
--- a/internal/transport/deliver.go
+++ b/internal/transport/deliver.go
@@ -120,7 +120,6 @@ func (t *transport) deliver(ctx context.Context, b []byte, to *url.URL) error {
 
 	req.Header.Add("Content-Type", string(apiutil.AppActivityLDJSON))
 	req.Header.Add("Accept-Charset", "utf-8")
-	req.Header.Set("Host", to.Host)
 
 	rsp, err := t.POST(req, b)
 	if err != nil {
diff --git a/internal/transport/dereference.go b/internal/transport/dereference.go
index efd3f0fbf..952791f70 100644
--- a/internal/transport/dereference.go
+++ b/internal/transport/dereference.go
@@ -54,7 +54,6 @@ func (t *transport) Dereference(ctx context.Context, iri *url.URL) (*http.Respon
 
 	req.Header.Add("Accept", string(apiutil.AppActivityLDJSON)+","+string(apiutil.AppActivityJSON))
 	req.Header.Add("Accept-Charset", "utf-8")
-	req.Header.Set("Host", iri.Host)
 
 	// Perform the HTTP request
 	rsp, err := t.GET(req)
diff --git a/internal/transport/derefinstance.go b/internal/transport/derefinstance.go
index 439c5ae23..bbeb51000 100644
--- a/internal/transport/derefinstance.go
+++ b/internal/transport/derefinstance.go
@@ -93,7 +93,6 @@ func dereferenceByAPIV1Instance(ctx context.Context, t *transport, iri *url.URL)
 	}
 
 	req.Header.Add("Accept", string(apiutil.AppJSON))
-	req.Header.Set("Host", cleanIRI.Host)
 
 	resp, err := t.GET(req)
 	if err != nil {
@@ -250,7 +249,6 @@ func callNodeInfoWellKnown(ctx context.Context, t *transport, iri *url.URL) (*ur
 		return nil, err
 	}
 	req.Header.Add("Accept", string(apiutil.AppJSON))
-	req.Header.Set("Host", cleanIRI.Host)
 
 	resp, err := t.GET(req)
 	if err != nil {
@@ -308,7 +306,6 @@ func callNodeInfo(ctx context.Context, t *transport, iri *url.URL) (*apimodel.No
 		return nil, err
 	}
 	req.Header.Add("Accept", string(apiutil.AppJSON))
-	req.Header.Set("Host", iri.Host)
 
 	resp, err := t.GET(req)
 	if err != nil {
diff --git a/internal/transport/derefmedia.go b/internal/transport/derefmedia.go
index 76dfd37ea..265a9e77e 100644
--- a/internal/transport/derefmedia.go
+++ b/internal/transport/derefmedia.go
@@ -36,7 +36,6 @@ func (t *transport) DereferenceMedia(ctx context.Context, iri *url.URL) (io.Read
 		return nil, 0, err
 	}
 	req.Header.Add("Accept", "*/*") // we don't know what kind of media we're going to get here
-	req.Header.Set("Host", iri.Host)
 
 	// Perform the HTTP request
 	rsp, err := t.GET(req)
diff --git a/internal/transport/finger.go b/internal/transport/finger.go
index 9bcb0fa7e..12563874c 100644
--- a/internal/transport/finger.go
+++ b/internal/transport/finger.go
@@ -68,7 +68,6 @@ func prepWebfingerReq(ctx context.Context, loc, domain, username string) (*http.
 	// including Gin itself. So concat the accept header with a comma
 	// instead which seems to work reliably
 	req.Header.Add("Accept", string(apiutil.AppJRDJSON)+","+string(apiutil.AppJSON))
-	req.Header.Set("Host", req.URL.Host)
 
 	return req, nil
 }
@@ -187,7 +186,6 @@ func (t *transport) webfingerFromHostMeta(ctx context.Context, targetDomain stri
 	// We're doing XML
 	req.Header.Add("Accept", string(apiutil.AppXML))
 	req.Header.Add("Accept", "application/xrd+xml")
-	req.Header.Set("Host", req.URL.Host)
 
 	// Perform the HTTP request
 	rsp, err := t.GET(req)
author	kim <89579420+NyaaaWhatsUpDoc@users.noreply.github.com>	2024-04-02 13:28:36 +0100
committer	GitHub <noreply@github.com>	2024-04-02 14:28:36 +0200
commit	e664d0918b2ea004a2498cb67a6e0b4b3b3666f3 (patch)
tree	39b85b1a9ad67ac3ac6bae348e43e01de46993ed /internal
parent	[bugfix] httpclient not signing subsequent redirect requests (#2798) (diff)
download	gotosocial-e664d0918b2ea004a2498cb67a6e0b4b3b3666f3.tar.xz