Unix.ADDR_UNIX _ -> true
| Unix.ADDR_INET _ -> false
+(** Calls coming directly into xapi on port 80 from remote IPs are unencrypted *)
+let is_unencrypted s =
+ match Unix.getpeername s with
+ | Unix.ADDR_UNIX _ -> false
+ | Unix.ADDR_INET (addr, _) when addr = Unix.inet_addr_loopback -> false
+ | Unix.ADDR_INET _ -> true
+
+
let preauth ~__context =
match __context.origin with
Internal -> false
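Review bot: The loopback arm in `is_unencrypted` compares only against `Unix.inet_addr_loopback`, which is the IPv4 address 127.0.0.1, so a local peer arriving over `::1` or an IPv4-mapped loopback address falls through to the last arm and is classified as a remote plaintext caller. If the listener can ever be bound to an IPv6 socket, add an arm such as `| Unix.ADDR_INET (addr, _) when addr = Unix.inet6_addr_loopback -> false`. The function infers encryption from the peer address rather than from the transport, which presumably relies on TLS being terminated by a local proxy that connects over loopback. The doc comment should state that assumption, for example `(** Heuristic: a non-loopback TCP peer is assumed to have reached xapi directly, without TLS; loopback and Unix-domain peers are treated as local or TLS-terminated. *)`, and the same wording belongs on the `val is_unencrypted` declaration in the interface hunk. `Unix.getpeername` can also raise `Unix.Unix_error` on a descriptor that is no longer connected; that is not handled here, and the callers are outside this hunk.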
(** [is_unix_socket fd] *)
val is_unix_socket : Unix.file_descr -> bool
+(** [is_unencrypted fd] returns true if the calling connection is not encrypted *)
+val is_unencrypted : Unix.file_descr -> bool
+
(** [preauth ~__context] *)
val preauth : __context:t -> bool
raise e)
let return_302_redirect (req: request) s address =
- let url = Printf.sprintf "https://%s%s?%s" address req.uri (String.concat "&" (List.map (fun (a,b) -> a^"="^b) req.query)) in
+ let url = Printf.sprintf "%s://%s%s?%s" (if Context.is_unencrypted s then "http" else "https") address req.uri (String.concat "&" (List.map (fun (a,b) -> a^"="^b) req.query)) in
let headers = Http.http_302_redirect url in
debug "HTTP 302 redirect to: %s" url;
Http_svr.headers s headers
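Review bot: The rewritten `url` line now answers a plaintext caller with an `http://` Location that carries the whole of `req.query`, so anything sensitive in the original query string (session references, if callers pass them that way, which is not visible here) is repeated in cleartext to a second host and is also written out by the `debug` line below. Since the old code always forced `https`, the line deserves a comment recording that the downgrade is deliberate, e.g. `(* Redirect preserves the caller's scheme; over http the forwarded query string is sent unencrypted *)`. Separately, the pairs are joined with `a^"="^b` without percent-encoding; if `req.query` holds decoded values, a value containing `&`, `#` or CR/LF would change the redirect parameters or the header itself, so each key and value should pass through the project's URL-encoding helper before concatenation. The body of `return_302_redirect` may continue past the last line shown.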