nginx_proxy: Fix issue #3132 #3356
Conversation
![home-assistant[bot]](https://avatars.githubusercontent.com/in/97978?s=60&v=4){kind=small}
|
Please take a look at the requested changes, and use the Ready for review button when you are done, thanks 👍 |
home-assistant
bot
added
cla-recheck
cla-signed
and removed
cla-recheck
cla-needed
labels
|
Nice catch! Without understanding too much here, from this StackOverflow thread it seems that another difference is that $http_host is from the client request. Can it be trusted? 🤔 |
|
Please also bump the version in config.yaml and add your change to |
|
I updated the changelog and bumped the version, following the example from the v3.4.0 release, which was somewhat similar. Regarding the safety considerations of the change: both $host and $http_host use values provided by the client, so there isn't much of a change (other than adding the port). Of course neither value can be trusted, but we're merely forwarding them to the addon, which can receive them directly from a client when not using the proxy, so AFAIK we shouldn't be creating any new problems by doing this. |
Issue #3132, affecting nginx_proxy, has been causing other addons to break for a long time. For example, part of the esphome addon is not usable through the nginx_proxy because of this bug. All the details are in the issue.
The fix is very simple: replace $host with $http_host, so the port gets included and the socket connection is not detected as cross-origin.
I've had this fix applied on a custom config since the issue was opened, without any problems, but I think it would be nice to fix it here for everyone.