mirror of
https://github.com/AzuraCast/AzuraCast.git
synced 2024-06-15 05:36:37 +00:00
Make relays an internal URL and prevent :443 infinite redirects.
parent
add13724d1
commit
5a9ec823e4
|
@ -208,6 +208,13 @@ return function(App $app)
|
|||
|
||||
})->add(Middleware\GetStation::class);
|
||||
|
||||
$this->get('/relays', Controller\Api\Admin\RelaysController::class)
|
||||
->setName('api:internal:relays')
|
||||
->add(Middleware\RequireLogin::class);
|
||||
|
||||
$this->post('/relays', Controller\Api\Admin\RelaysController::class.':updateAction')
|
||||
->add(Middleware\RequireLogin::class);
|
||||
|
||||
});
|
||||
|
||||
$this->get('/nowplaying[/{station}]', Controller\Api\NowplayingController::class)
|
||||
|
@ -223,11 +230,9 @@ return function(App $app)
|
|||
$this->get('/permissions', Controller\Api\Admin\PermissionsController::class)
|
||||
->add([Middleware\Permissions::class, Acl::GLOBAL_PERMISSIONS]);
|
||||
|
||||
$this->get('/relays', Controller\Api\Admin\RelaysController::class)
|
||||
->add(Middleware\RequireLogin::class);
|
||||
|
||||
$this->post('/relays', Controller\Api\Admin\RelaysController::class.':updateAction')
|
||||
->add(Middleware\RequireLogin::class);
|
||||
$this->map(['GET', 'POST'], '/relays', function (\App\Http\Request $request, \App\Http\Response $response) {
|
||||
return $response->withRedirect($request->getRouter()->fromHere('api:internal:relays'));
|
||||
});
|
||||
|
||||
$this->group('', function() {
|
||||
/** @var App $this */
|
||||
|
|
|
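Review bot: The compatibility route registered with `$this->map(['GET', 'POST'], '/relays', ...)` calls `withRedirect()` without a status, which I would expect to fall back to a 302. Most HTTP clients replay a redirected POST as a GET and drop the body, so a relay still posting to the old admin URL would likely reach the listing action instead of `updateAction`. A method-preserving status avoids that: `return $response->withRedirect($request->getRouter()->fromHere('api:internal:relays'), 307);`. Separately, the commit title calls the new location an internal URL, and the EnforceSecurity change in this commit skips the HTTPS redirect when `$internal_api_url` is set. If these routes fall under that exemption, whatever credential `RequireLogin` checks can travel in cleartext, so a short comment on the route stating the network boundary it relies on would help; the enclosing route groups open and close outside these hunks.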
@ -44,27 +44,14 @@ class EnforceSecurity
|
|||
$csp = [];
|
||||
|
||||
if ($request->isSecure()) {
|
||||
|
||||
$csp[] = 'upgrade-insecure-requests';
|
||||
|
||||
} elseif ($always_use_ssl && !$internal_api_url) {
|
||||
|
||||
// Enforce secure cookies.
|
||||
ini_set('session.cookie_secure', 1);
|
||||
|
||||
// Redirect if URL is not currently secure.
|
||||
if (!$request->isSecure()) {
|
||||
$uri = $request->getUri();
|
||||
if (!$uri->getPort()) {
|
||||
$uri = $uri->withPort(443);
|
||||
}
|
||||
return $response->withRedirect((string)$uri->withScheme('https'), 302);
|
||||
}
|
||||
|
||||
// Set HSTS header.
|
||||
$response = $response->withHeader('Strict-Transport-Security', 'max-age=3600');
|
||||
|
||||
$csp[] = 'upgrade-insecure-requests';
|
||||
|
||||
$response = $response->withHeader('Strict-Transport-Security', 'max-age=3600');
|
||||
} elseif ($always_use_ssl && !$internal_api_url) {
|
||||
return $response->withRedirect((string)$request->getUri()->withScheme('https'), 302);
|
||||
}
|
||||
|
||||
// Set frame-deny header before next middleware, so it can be overwritten.
|
||||
|
|
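Review bot: The `ini_set('session.cookie_secure', 1);` call appears to be gone from the new side of this hunk, which would leave the session cookie without the Secure flag unless it is set elsewhere. This is inferred from the 27-to-14 line counts in the hunk header, since the page has lost its +/- markers. If it was removed, restore it in the `if ($request->isSecure())` branch next to the HSTS header, e.g. `ini_set('session.cookie_secure', '1');`, so a session started over HTTPS is never sent over plain HTTP. The whole branch now depends on `isSecure()` being right behind a TLS-terminating proxy; its implementation is not visible here, so confirm it honours forwarded-protocol headers only from trusted proxies. The enclosing middleware method starts and ends outside the hunk.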