From edfed24c2757f91608545665292c526b2a6da00f Mon Sep 17 00:00:00 2001 From: Philipp Heckel Date: Fri, 29 Apr 2022 13:23:04 -0400 Subject: [PATCH] Make Upgrade header check for websockets case insensitive, closes #228 --- docs/config.md | 41 +++++++++++++++++++++-------------------- docs/releases.md | 20 +++++++++++++++++--- server/server.go | 2 +- 3 files changed, 39 insertions(+), 24 deletions(-) diff --git a/docs/config.md b/docs/config.md index 44ecc773..6a33def2 100644 --- a/docs/config.md +++ b/docs/config.md @@ -519,24 +519,27 @@ or the root domain: ``` ServerName ntfy.sh - - SetEnv proxy-nokeepalive 1 - SetEnv proxy-sendchunked 1 - + + # Proxy connections to ntfy (requires "a2enmod proxy") ProxyPass / http://127.0.0.1:2586/ ProxyPassReverse / http://127.0.0.1:2586/ - + + SetEnv proxy-nokeepalive 1 + SetEnv proxy-sendchunked 1 + # Higher than the max message size of 4096 bytes LimitRequestBody 102400 - # WebSockets support + # Enable mod_rewrite (requires "a2enmod rewrite") + RewriteEngine on + + # WebSockets support (requires "a2enmod rewrite proxy_wstunnel") RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L] # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want # it to work with curl without the annoying https:// prefix - RewriteEngine on RewriteCond %{REQUEST_METHOD} GET RewriteRule ^/([-_A-Za-z0-9]{0,64})$ https://%{SERVER_NAME}/$1 [R,L] @@ -548,26 +551,24 @@ or the root domain: SSLCertificateFile /etc/letsencrypt/live/ntfy.sh/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/ntfy.sh/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf - - SetEnv proxy-nokeepalive 1 - SetEnv proxy-sendchunked 1 - + + # Proxy connections to ntfy (requires "a2enmod proxy") ProxyPass / http://127.0.0.1:2586/ ProxyPassReverse / http://127.0.0.1:2586/ - + + SetEnv proxy-nokeepalive 1 + SetEnv proxy-sendchunked 1 + # Higher than the max message size of 4096 bytes LimitRequestBody 102400 - # WebSockets support + # Enable mod_rewrite (requires "a2enmod rewrite") + RewriteEngine on + + # WebSockets support (requires "a2enmod rewrite proxy_wstunnel") RewriteCond %{HTTP:Upgrade} websocket [NC] RewriteCond %{HTTP:Connection} upgrade [NC] - RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L] - - # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want - # it to work with curl without the annoying https:// prefix - RewriteEngine on - RewriteCond %{REQUEST_METHOD} GET - RewriteRule ^/([-_A-Za-z0-9]{0,64})$ https://%{SERVER_NAME}/$1 [R,L] + RewriteRule ^/?(.*) "ws://127.0.0.1:2586/$1" [P,L] ``` diff --git a/docs/releases.md b/docs/releases.md index c44577bd..63a1d84b 100644 --- a/docs/releases.md +++ b/docs/releases.md @@ -6,9 +6,19 @@ and the [ntfy Android app](https://github.com/binwiederhier/ntfy-android/release ## ntfy Android app v1.13.0 (UNRELEASED) -Bugs: -* Accurate naming of "mute notifications" from "pause notifications" ([#224](https://github.com/binwiederhier/ntfy/issues/224), - thanks to [@shadow00](https://github.com/shadow00) for reporting) +**Features:** + +* Cards in notification detail view ([#175](https://github.com/binwiederhier/ntfy/issues/224), thanks to [@cmeis](https://github.com/cmeis) for reporting) + +**Bugs:** + +* Accurate naming of "mute notifications" from "pause notifications" ([#224](https://github.com/binwiederhier/ntfy/issues/224), thanks to [@shadow00](https://github.com/shadow00) for reporting) +* Make messages with links selectable ([#226](https://github.com/binwiederhier/ntfy/issues/226), thanks to [@StoyanDimitrov](https://github.com/StoyanDimitrov) for reporting) + +**Thanks for testing:** + +Thanks to [@cmeis](https://github.com/cmeis), [@StoyanDimitrov](https://github.com/StoyanDimitrov), [@Fallenbagel](https://github.com/Fallenbagel) for testing, and +to [@Joeharrison94](https://github.com/Joeharrison94) for the input. ## ntfy server v1.22.0 (UNRELEASED) @@ -16,6 +26,10 @@ Bugs: * Better parsing of the user actions, allowing quotes (no ticket) +**Bugs:** + +* `Upgrade` header check is now case in-sensitive ([#228](https://github.com/binwiederhier/ntfy/issues/228), thanks to [@wunter8](https://github.com/wunter8) for finding it) + --> ## ntfy Android app v1.12.0 diff --git a/server/server.go b/server/server.go index f4369f89..4b40db45 100644 --- a/server/server.go +++ b/server/server.go @@ -739,7 +739,7 @@ func (s *Server) handleSubscribeHTTP(w http.ResponseWriter, r *http.Request, v * } func (s *Server) handleSubscribeWS(w http.ResponseWriter, r *http.Request, v *visitor) error { - if r.Header.Get("Upgrade") != "websocket" { + if strings.ToLower(r.Header.Get("Upgrade")) != "websocket" { return errHTTPBadRequestWebSocketsUpgradeHeaderMissing } if err := v.SubscriptionAllowed(); err != nil {