mirror of
https://github.com/mudler/LocalAI.git
synced 2026-05-16 20:52:08 -04:00
c2fe0a6475
* fix(http): honor X-Forwarded-Prefix when proxy strips the prefix Closes #9145. Two related issues kept the React UI from loading when a reverse proxy rewrites a sub-path with prefix-stripping (e.g. Caddy `handle_path`): 1. `BaseURL` only computed a prefix from the path StripPathPrefix had removed, so when the proxy strips the prefix before forwarding, the request arrives without it and the base URL was returned without a prefix. Extract a `BasePathPrefix` helper and add an `X-Forwarded-Prefix` header fallback so the prefix is recovered. 2. `<base href>` only changes how relative URLs resolve; the build emits path-absolute references like `/assets/...` and `/favicon.svg`, which still resolve against the origin and bypass the proxy prefix. Rewrite those references in the served `index.html` so the browser requests them through the proxy. Adds unit coverage for `BaseURL` with a pre-stripped path and an end-to-end test for the proxy-stripped scenario. Assisted-by: Claude:claude-opus-4-7 * fix(http): gate X-Forwarded-Prefix through SafeForwardedPrefix in BasePathPrefix BasePathPrefix consumed X-Forwarded-Prefix directly, so a value the codebase elsewhere rejects (e.g. "//evil.com") slipped through and was interpolated into the SPA index.html — both into the path-absolute asset URL rewrite in serveIndex (turning "/assets/..." into "//evil.com/assets/...", a protocol-relative URL that loads JS from a foreign origin) and into <base href>. Route the header through the existing SafeForwardedPrefix validator that StripPathPrefix and prefixRedirect already use, and HTML-escape the prefix before injecting it into the asset rewrite as defense in depth against attribute breakout. Tests cover //evil.com, backslashes, control chars, CR/LF and a missing leading slash; the integration test asserts an unsafe prefix can't poison asset URLs. Signed-off-by: Ettore Di Giacinto <mudler@localai.io> Assisted-by: claude-code:claude-opus-4-7-1m [Read] [Edit] [Bash] --------- Signed-off-by: Ettore Di Giacinto <mudler@localai.io> Co-authored-by: Ettore Di Giacinto <mudler@localai.io>
139 lines
4.4 KiB
Go
139 lines
4.4 KiB
Go
package middleware
|
|
|
|
import (
|
|
"net/http/httptest"
|
|
|
|
"github.com/labstack/echo/v4"
|
|
. "github.com/onsi/ginkgo/v2"
|
|
. "github.com/onsi/gomega"
|
|
)
|
|
|
|
var _ = Describe("BaseURL", func() {
|
|
Context("without prefix", func() {
|
|
It("should return base URL without prefix", func() {
|
|
app := echo.New()
|
|
actualURL := ""
|
|
|
|
// Register route - use the actual request path so routing works
|
|
routePath := "/hello/world"
|
|
app.GET(routePath, func(c echo.Context) error {
|
|
actualURL = BaseURL(c)
|
|
return nil
|
|
})
|
|
|
|
req := httptest.NewRequest("GET", "/hello/world", nil)
|
|
rec := httptest.NewRecorder()
|
|
app.ServeHTTP(rec, req)
|
|
|
|
Expect(rec.Code).To(Equal(200), "response status code")
|
|
Expect(actualURL).To(Equal("http://example.com/"), "base URL")
|
|
})
|
|
})
|
|
|
|
Context("with prefix", func() {
|
|
It("should return base URL with prefix", func() {
|
|
app := echo.New()
|
|
actualURL := ""
|
|
|
|
// Register route with the stripped path (after middleware removes prefix)
|
|
routePath := "/hello/world"
|
|
app.GET(routePath, func(c echo.Context) error {
|
|
// Simulate what StripPathPrefix middleware does - store original path
|
|
c.Set("_original_path", "/myprefix/hello/world")
|
|
// Modify the request path to simulate prefix stripping
|
|
c.Request().URL.Path = "/hello/world"
|
|
actualURL = BaseURL(c)
|
|
return nil
|
|
})
|
|
|
|
// Make request with stripped path (middleware would have already processed it)
|
|
req := httptest.NewRequest("GET", "/hello/world", nil)
|
|
rec := httptest.NewRecorder()
|
|
app.ServeHTTP(rec, req)
|
|
|
|
Expect(rec.Code).To(Equal(200), "response status code")
|
|
Expect(actualURL).To(Equal("http://example.com/myprefix/"), "base URL")
|
|
})
|
|
})
|
|
|
|
// Caddy's handle_path (and similar reverse-proxy directives) strips the
|
|
// matched prefix before forwarding upstream, so LocalAI receives the
|
|
// already-stripped path together with X-Forwarded-Prefix. In that case
|
|
// StripPathPrefix never stores _original_path, but BaseURL must still
|
|
// honor the header so that <base href> and asset URLs include the prefix.
|
|
Context("with X-Forwarded-Prefix header but pre-stripped path", func() {
|
|
It("should return base URL with prefix from header", func() {
|
|
app := echo.New()
|
|
actualURL := ""
|
|
|
|
routePath := "/app"
|
|
app.GET(routePath, func(c echo.Context) error {
|
|
actualURL = BaseURL(c)
|
|
return nil
|
|
})
|
|
|
|
req := httptest.NewRequest("GET", "/app", nil)
|
|
req.Header.Set("X-Forwarded-Prefix", "/localai")
|
|
rec := httptest.NewRecorder()
|
|
app.ServeHTTP(rec, req)
|
|
|
|
Expect(rec.Code).To(Equal(200), "response status code")
|
|
Expect(actualURL).To(Equal("http://example.com/localai/"), "base URL")
|
|
})
|
|
|
|
It("should normalize a prefix that already ends with a slash", func() {
|
|
app := echo.New()
|
|
actualURL := ""
|
|
|
|
routePath := "/app"
|
|
app.GET(routePath, func(c echo.Context) error {
|
|
actualURL = BaseURL(c)
|
|
return nil
|
|
})
|
|
|
|
req := httptest.NewRequest("GET", "/app", nil)
|
|
req.Header.Set("X-Forwarded-Prefix", "/localai/")
|
|
rec := httptest.NewRecorder()
|
|
app.ServeHTTP(rec, req)
|
|
|
|
Expect(rec.Code).To(Equal(200), "response status code")
|
|
Expect(actualURL).To(Equal("http://example.com/localai/"), "base URL")
|
|
})
|
|
})
|
|
|
|
// X-Forwarded-Prefix is attacker controllable on misconfigured proxy
|
|
// chains, and the value flows into the SPA HTML response (<base href>
|
|
// and asset URLs). BasePathPrefix must gate the header through
|
|
// SafeForwardedPrefix so values that turn the prefix into an open
|
|
// redirect or a protocol-relative URL are ignored and the base falls
|
|
// back to "/".
|
|
Context("with unsafe X-Forwarded-Prefix header", func() {
|
|
DescribeTable("falls back to / when the header is unsafe",
|
|
func(header string) {
|
|
app := echo.New()
|
|
actualURL := ""
|
|
|
|
app.GET("/app", func(c echo.Context) error {
|
|
actualURL = BaseURL(c)
|
|
return nil
|
|
})
|
|
|
|
req := httptest.NewRequest("GET", "/app", nil)
|
|
req.Header.Set("X-Forwarded-Prefix", header)
|
|
rec := httptest.NewRecorder()
|
|
app.ServeHTTP(rec, req)
|
|
|
|
Expect(rec.Code).To(Equal(200), "response status code")
|
|
Expect(actualURL).To(Equal("http://example.com/"), "base URL")
|
|
},
|
|
Entry("protocol-relative URL", "//evil.com"),
|
|
Entry("protocol-relative URL with path", "//evil.com/assets"),
|
|
Entry("backslash path", `/foo\bar`),
|
|
Entry("embedded NUL", "/foo\x00bar"),
|
|
Entry("CR injection", "/foo\rbar"),
|
|
Entry("LF injection", "/foo\nbar"),
|
|
Entry("missing leading slash", "evil"),
|
|
)
|
|
})
|
|
})
|