simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

media-proxy: Unset referer for same-site requests

Browse source 
The qBittorrent WebUI does not work with it set to a different host than
the target. This implementation does not compromise security, because
the referer is only unset if the real referer was the locally proxied
page. All other referers are passed through verbatim.
This commit is contained in:
Simon Bruder 2022-03-18 23:25:23 +01:00
parent a9b6a17818
commit 0e3bd19aa8
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
modules/media-proxy.nix
View file

@ -20,6 +20,12 @@ in
systemd.services.nginx.after = [ "network-online.target" ]; systemd.services.nginx.after = [ "network-online.target" ];
services.nginx = { services.nginx = {
enable = true; enable = true;
commonHttpConfig = ''
map $http_referer $media_proxy_referer {
~^http://localhost:8888/ "";
default $http_referer;
}
'';
virtualHosts.media-proxy = { virtualHosts.media-proxy = {
serverName = "localhost"; serverName = "localhost";
listen = [ listen = [
@ -40,6 +46,8 @@ in
proxy_buffering off; proxy_buffering off;
include ${secret}; include ${secret};
charset utf-8; charset utf-8;
proxy_set_header Referer $media_proxy_referer;
proxy_set_header Origin $media_proxy_referer;
''; '';
}; };
}) })