fix: change referrer policy to same-origin #814

Open. sheey11 wants to merge 1 commit into base: master
@sheey11 sheey11 commented Feb 12, 2025

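I tried to reverse-proxy nas-tools under https://domain.com/nas-tools/, but nas-tools itself does not support being reverse-proxied under a sub-path, so I tried a workaround that checks the Referer request header (if the Referer starts with https://domain.com/nas-tools, proxy to localhost:3000). However, nas-tools sets Referrer-Policy to never. After changing it to same-origin, the Referer request header is only sent to the site's own origin (domain/port) and is not sent on cross-site requests, which ensures the domain is not leaked.

Referer-check workaround

Using Caddy as an example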

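```
# Requests sent from a nas-tools page whose path lacks the /nas-tools prefix
@nastoolsReferer `{header.Referer}.startsWith("https://your.domain.com/nas-tools") && !path("/nas-tools/*")`
# Requests already under /nas-tools/
@nastoolsPath `path("/nas-tools/*")`

# Redirect prefix-less requests back under /nas-tools
handle @nastoolsReferer {
    respond 302
    header Location "https://your.domain.com/nas-tools{uri}"
}
# Strip the prefix and proxy to nas-tools
handle @nastoolsPath {
    uri strip_prefix /nas-tools
    reverse_proxy 127.0.0.1:5001 {
        # Replace the policy sent by nas-tools so same-origin requests carry a Referer
        header_down Referrer-Policy "same-origin"
        # Re-add the prefix to redirects issued by nas-tools
        @redir status 301 302 308
        handle_response @redir {
            header >Location "(.*)" "/nas-tools$1"
            copy_response
        }
    }
}
```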

@sheey11 sheey11 marked this pull request as ready for review February 12, 2025 11:43
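
Added example, not part of this pull request or of nas-tools: a small JavaScript model of the two things the description relies on, namely when a browser sends a Referer under each policy and how the two Caddy matchers above then route the request. The function names and sample URLs are constructed for illustration, and `never` is assumed to behave like `no-referrer`.

```javascript
// Hypothetical model; BASE matches the prefix used in the Caddyfile above.
const BASE = "https://your.domain.com/nas-tools";

// Referer a browser would attach to a request from `page` to `target`.
// Only the two policies discussed here are modelled.
function refererFor(policy, page, target) {
  const from = new URL(page);
  const to = new URL(target);
  // Assumption: "never" is the legacy spelling of "no-referrer".
  if (policy === "never" || policy === "no-referrer") return null;
  if (policy === "same-origin") {
    if (from.origin !== to.origin) return null; // cross-origin: nothing sent
    from.hash = "";       // fragments are never included in a Referer
    from.username = "";   // nor are credentials
    from.password = "";
    return from.href;
  }
  throw new Error("policy not modelled: " + policy);
}

// Mirrors @nastoolsPath and @nastoolsReferer. The two matchers are mutually
// exclusive, so the order of the checks does not matter.
function route(target, referer) {
  const url = new URL(target);
  if (url.pathname.startsWith("/nas-tools/")) return "proxy";
  if (referer !== null && referer.startsWith(BASE)) {
    return "redirect " + BASE + url.pathname + url.search; // {uri} = path + query
  }
  return "unhandled";
}

// Full path: browser policy first, then the proxy's decision.
function scenario(policy, page, target) {
  return route(target, refererFor(policy, page, target));
}

// Constructed sample requests issued by a page served under /nas-tools/.
const PAGE = "https://your.domain.com/nas-tools/#/home";
for (const policy of ["never", "same-origin"]) {
  for (const target of ["https://your.domain.com/static/app.js",
                        "https://other.example/img.png"]) {
    console.log(policy, target, "->",
      refererFor(policy, PAGE, target), "|", scenario(policy, PAGE, target));
  }
}
```

The `startsWith` prefix has no trailing slash, so a Referer from a same-origin sibling path such as `/nas-tools-old/` also satisfies `@nastoolsReferer`; the model reproduces that behaviour.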