Add detect_base_url config

This diff adds the detect_base_url config, controlled by the
DETECT_BASE_URL env variable. When set to true, the BASE_URL setting is
ignored, and the base_url is derived from the request protocol and host
header.

Test Plan: Started up a local instance in my homelab, running docker
node:15 image with a nginx reverse proxy. Configured nginx to use the
same backend with multiple hostnames on https. Opened in browser and
confirmed og:url meta tag uses correct url.
This commit is contained in:
Cullen Walsh 2021-05-05 21:15:02 -07:00
parent 385ac595b9
commit 02e8cb264f
3 changed files with 29 additions and 8 deletions

View file

@ -130,6 +130,11 @@ const conf = convict({
default: 'https://send.firefox.com',
env: 'BASE_URL'
},
detect_base_url: {
format: Boolean,
default: false,
env: 'DETECT_BASE_URL'
},
file_dir: {
format: 'String',
default: `${tmpdir()}${path.sep}send-${randomBytes(4).toString('hex')}`,
@ -206,4 +211,18 @@ const conf = convict({
conf.validate({ allowed: 'strict' });
const props = conf.getProperties();
module.exports = props;
const deriveBaseUrl = (req) => {
if (props.detect_base_url) {
const protocol = req.secure ? 'https://' : 'http://';
return `${protocol}${req.headers.host}`;
} else {
return props.base_url;
}
};
module.exports = {
...props,
deriveBaseUrl,
};

View file

@ -36,9 +36,14 @@ module.exports = function(app) {
defaultSrc: ["'self'"],
connectSrc: [
"'self'",
config.base_url.replace(/^https:\/\//, 'wss://')
function(req) {
const baseUrl = config.deriveBaseUrl(req);
const r = baseUrl.replace(/^http(s?):\/\//, 'ws$1://');
console.log([baseUrl, r]);
return r;
}
],
imgSrc: ["'self'", "data:"],
imgSrc: ["'self'", 'data:'],
scriptSrc: [
"'self'",
function(req) {
@ -52,10 +57,6 @@ module.exports = function(app) {
}
};
csp.directives.connectSrc.push(
config.base_url.replace(/^https:\/\//, 'wss://')
);
app.use(helmet.contentSecurityPolicy(csp));
}

View file

@ -23,6 +23,7 @@ module.exports = async function(req) {
if (config.survey_url) {
prefs.surveyUrl = config.survey_url;
}
const baseUrl = config.deriveBaseUrl(req);
return {
archive: {
numFiles: 0
@ -33,7 +34,7 @@ module.exports = async function(req) {
title: 'Send',
description:
'Encrypt and send files with a link that automatically expires to ensure your important documents dont stay online forever.',
baseUrl: config.base_url,
baseUrl,
ui: {},
storage: {
files: []