cmd: Set Origin header properly on API requests

Ref. https://caddy.community/t/bug-in-enforce-origin/15417
This commit is contained in:
Matthew Holt 2022-03-19 22:51:32 -06:00
parent c5fffb4ac2
commit c2327161f7
No known key found for this signature in database
GPG key ID: 2A349DD577D586A5

View file

@ -650,13 +650,13 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io
if err != nil || parsedAddr.PortRangeSize() > 1 {
return nil, fmt.Errorf("invalid admin address %s: %v", adminAddr, err)
}
origin := parsedAddr.JoinHostPort(0)
origin := "http://" + parsedAddr.JoinHostPort(0)
if parsedAddr.IsUnixNetwork() {
origin = "unixsocket" // hack so that http.NewRequest() is happy
}
// form the request
req, err := http.NewRequest(method, "http://"+origin+uri, body)
req, err := http.NewRequest(method, origin+uri, body)
if err != nil {
return nil, fmt.Errorf("making request: %v", err)
}