mirror of
https://github.com/Cleanuparr/Cleanuparr.git
synced 2026-05-09 15:24:00 -04:00
30 lines
1.0 KiB
C#
30 lines
1.0 KiB
C#
namespace Cleanuparr.Api.Extensions;
|
|
|
|
public static class HttpRequestExtensions
|
|
{
|
|
/// <summary>
|
|
/// Returns the request PathBase as a safe relative path.
|
|
/// Rejects absolute URLs (e.g. "://" or "//") to prevent open redirect attacks.
|
|
/// </summary>
|
|
public static string GetSafeBasePath(this HttpRequest request)
|
|
{
|
|
var basePath = request.PathBase.Value?.TrimEnd('/') ?? "";
|
|
if (basePath.Contains("://") || basePath.StartsWith("//"))
|
|
{
|
|
return "";
|
|
}
|
|
return basePath;
|
|
}
|
|
|
|
/// <summary>
|
|
/// Returns the external base URL (scheme + host + basePath).
|
|
/// TrustedForwardedHeadersMiddleware has already applied X-Forwarded-Proto and X-Forwarded-Host to <see cref="HttpRequest.Scheme"/> / <see cref="HttpRequest.Host"/>.
|
|
/// </summary>
|
|
public static string GetExternalBaseUrl(this HttpContext context)
|
|
{
|
|
var request = context.Request;
|
|
var basePath = request.GetSafeBasePath();
|
|
return $"{request.Scheme}://{request.Host}{basePath}";
|
|
}
|
|
}
|