From: Dylan Hardison <dylan@hardison.net>
Date: Sat, 16 May 2020 02:25:32 +0000 (-0400)
Subject: Earlier sanity check on reverse proxy settings
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0bb987288796564a718e44da7f563e294f601863;p=thirdparty%2Fbugzilla.git

Earlier sanity check on reverse proxy settings
---

diff --git a/Bugzilla/App/Plugin/Hostage.pm b/Bugzilla/App/Plugin/Hostage.pm
index fdf044e49..30afa6530 100644
--- a/Bugzilla/App/Plugin/Hostage.pm
+++ b/Bugzilla/App/Plugin/Hostage.pm
@@ -37,6 +37,8 @@ sub _before_routes {
   state $attachment_base       = Bugzilla->localconfig->attachment_base;
   state $attachment_root       = _attachment_root($attachment_base);
   state $attachment_host_regex = _attachment_host_regex($attachment_base);
+  state $urlbase_is_https      = $urlbase =~ /^https/;
+  state $behind_proxy          = Bugzilla->localconfig->inbound_proxies;
 
   my $stash = $c->stash;
   my $req   = $c->req;
@@ -51,6 +53,22 @@ sub _before_routes {
   }
 
   return if $stash->{'mojo.static'};
+
+  if ($urlbase_is_https && $behind_proxy && !$req->is_secure) {
+    my $error = "Reverse Proxy is Misconfigured";
+    $c->render(text => $error, status => 500);
+    unless ($ENV{MOJO_REVERSE_PROXY}) {
+      ERROR(
+        "$error: The environmental variable MOJO_REVERSE_PROXY should be set if operating Bugzilla behind a reverse proxy"
+      );
+    }
+    else {
+      ERROR(
+        "$error: Check that X-Forwarded-Proto and similar headers are being sent.");
+    }
+    return;
+  }
+
   return if $hostname eq $urlbase_host;
 
   my $path = $url->path;