You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am running a dream server under a lighttpd proxy. The lighttpd is listening on https to the outer world but communicates in http internally with the dream server. This confuses the ORC because it seens a request with a host 'https://host' but is a http server. I was wondering if we could add a parameter to origin_referrer_check to skip the check of the schemes?
Anyways, thanks for the wonderful work on dream.
The text was updated successfully, but these errors were encountered:
Thanks @asmanur for the report and @gstrauss for the suggestion! I'm looking for a bit of time to actually try this out and consider what's the best way to address it.
I encountered the same issue with an nginx proxy terminating the tls for a dream backend.
Counter-intuitively while trying to get the headers to match I got this error:
Origin-Host mismatch: 'https://aaa.bbb.org.uk:8000' vs. 'https://aaa.bbb.org.uk:8000'
That was because the actual scheme in the Origin header isn't compared to the Host header but to Helpers.tls request which presumably is false because dream isn't handling the tls.
For anyone who comes across the same issue, the config for nginx needed to be:
Personally, I think just a note in the e-json example would be enough to cover this issue. You could include the example config fragments - with apache/haproxy examples too that would cover most people I suspect.
Hello,
I am running a dream server under a lighttpd proxy. The lighttpd is listening on https to the outer world but communicates in http internally with the dream server. This confuses the ORC because it seens a request with a host 'https://host' but is a http server. I was wondering if we could add a parameter to origin_referrer_check to skip the check of the schemes?
Anyways, thanks for the wonderful work on dream.
The text was updated successfully, but these errors were encountered: