Use X-Forwarded-Host as url_root when present (#799)

If Whoogle is accessed on a non-standard port _and_ proxied, this port is lost to the application and `element['src']`s are incorrectly formed (omitting port). HTTP x-Forwarded-Host will contain this front port number in a typical Nginx reverse proxy configuration.
2 years ago · ee2d3726af
parent c1d9373d55
commit ee2d3726af
3 changed files with 18 additions and 2 deletions
--- a/app/routes.py
+++ b/app/routes.py
@ -15,6 +15,7 @@ from app.models.config import Config
 from app.models.endpoint import Endpoint
 from app.request import Request, TorError
 from app.utils.bangs import resolve_bang
+from app.utils.misc import get_proxy_host_url
 from app.filter import Filter
 from app.utils.misc import read_config_bool, get_client_ip, get_request_url, \
    check_for_update
@ -144,10 +145,13 @@ def before_request_func():
        if (not Endpoint.autocomplete.in_path(request.path) and
                not Endpoint.healthz.in_path(request.path) and
                not Endpoint.opensearch.in_path(request.path)):
+            # reconstruct url if X-Forwarded-Host header present
+            request_url = get_proxy_host_url(request,
+                                             get_request_url(request.url))
            return redirect(url_for(
                'session_check',
                session_id=session['uuid'],
-                follow=get_request_url(request.url)), code=307)
+                follow=request_url), code=307)
        else:
            g.user_config = Config(**session['config'])
    elif 'cookies_disabled' not in request.args:
--- a/app/utils/misc.py
+++ b/app/utils/misc.py
@ -35,6 +35,15 @@ def get_request_url(url: str) -> str:
    return url


+def get_proxy_host_url(r: Request, default: str) -> str:
+    scheme = r.headers.get('X-Forwarded-Proto', 'http')
+    http_host = r.headers.get('X-Forwarded-Host')
+    if http_host:
+        return f'{scheme}://{http_host}/'
+
+    return default
+
+
 def check_for_update(version_url: str, current: str) -> int:
    # Check for the latest version of Whoogle
    try:
--- a/app/utils/search.py
+++ b/app/utils/search.py
@ -4,6 +4,7 @@ from typing import Any

 from app.filter import Filter
 from app.request import gen_query
+from app.utils.misc import get_proxy_host_url
 from app.utils.results import get_first_link
 from bs4 import BeautifulSoup as bsoup
 from cryptography.fernet import Fernet, InvalidToken
@ -115,9 +116,11 @@ class Search:

        """
        mobile = 'Android' in self.user_agent or 'iPhone' in self.user_agent
+        # reconstruct url if X-Forwarded-Host header present
+        root_url = get_proxy_host_url(self.request, self.request.url_root)

        content_filter = Filter(self.session_key,
-                                root_url=self.request.url_root,
+                                root_url=root_url,
                                mobile=mobile,
                                config=self.config,
                                query=self.query)