about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorVika Shleina <vika@fireburn.ru>2021-07-19 09:36:45 +0300
committerVika Shleina <vika@fireburn.ru>2021-07-19 09:39:32 +0300
commit8399371adc5c48e1847061deee1936c0d64f2a85 (patch)
treeabcadaf26d196a62ba8f54318a7eb87d4141ce86 /src
parent32023fc003618ef0500d0c94217435089cfd1b81 (diff)
downloadkittybox-8399371adc5c48e1847061deee1936c0d64f2a85.tar.zst
Replaced scheme with HTTPS in frontend to prevent weird things
Diffstat (limited to 'src')
-rw-r--r--src/frontend/mod.rs15
-rw-r--r--src/indieauth.rs2
2 files changed, 11 insertions, 6 deletions
diff --git a/src/frontend/mod.rs b/src/frontend/mod.rs
index 28c4c15..a92d769 100644
--- a/src/frontend/mod.rs
+++ b/src/frontend/mod.rs
@@ -703,12 +703,15 @@ struct OnboardingData {
 pub async fn onboarding_receiver<S: Storage>(mut req: Request<ApplicationState<S>>) -> Result {
     use serde_json::json;
 
+    <AsMut<tide::http::Request>>::as_mut(&mut req).url_mut().set_scheme("https");
+
     let body = req.body_json::<OnboardingData>().await?;
     let backend = &req.state().storage;
+
     #[cfg(any(not(debug_assertions), test))]
     let me = req.url();
     #[cfg(all(debug_assertions, not(test)))]
-    let me = url::Url::parse("http://localhost:8080/").unwrap();
+    let me = url::Url::parse("https://localhost:8080/").unwrap();
 
     if get_post_from_database(backend, me.as_str(), None, &None)
         .await
@@ -778,7 +781,8 @@ pub async fn coffee<S: Storage>(_: Request<ApplicationState<S>>) -> Result {
     .into())
 }
 
-pub async fn mainpage<S: Storage>(req: Request<ApplicationState<S>>) -> Result {
+pub async fn mainpage<S: Storage>(mut req: Request<ApplicationState<S>>) -> Result {
+    <AsMut<tide::http::Request>>::as_mut(&mut req).url_mut().set_scheme("https");
     let backend = &req.state().storage;
     let query = req.query::<QueryParams>()?;
     let authorization_endpoint = req.state().authorization_endpoint.to_string();
@@ -788,7 +792,7 @@ pub async fn mainpage<S: Storage>(req: Request<ApplicationState<S>>) -> Result {
     #[cfg(any(not(debug_assertions), test))]
     let url = req.url();
     #[cfg(all(debug_assertions, not(test)))]
-    let url = url::Url::parse("http://localhost:8080/").unwrap();
+    let url = url::Url::parse("https://localhost:8080/").unwrap();
 
     info!("Request at {}", url);
     let hcard_url = url.as_str();
@@ -852,16 +856,17 @@ pub async fn mainpage<S: Storage>(req: Request<ApplicationState<S>>) -> Result {
     }
 }
 
-pub async fn render_post<S: Storage>(req: Request<ApplicationState<S>>) -> Result {
+pub async fn render_post<S: Storage>(mut req: Request<ApplicationState<S>>) -> Result {
     let query = req.query::<QueryParams>()?;
     let authorization_endpoint = req.state().authorization_endpoint.to_string();
     let token_endpoint = req.state().token_endpoint.to_string();
     let user: Option<String> = None;
 
+    <AsMut<tide::http::Request>>::as_mut(&mut req).url_mut().set_scheme("https");
     #[cfg(any(not(debug_assertions), test))]
     let url = req.url();
     #[cfg(all(debug_assertions, not(test)))]
-    let url = url::Url::parse("http://localhost:8080/")
+    let url = url::Url::parse("https://localhost:8080/")
         .unwrap()
         .join(req.url().path())
         .unwrap();
diff --git a/src/indieauth.rs b/src/indieauth.rs
index 7a2a07e..27e545d 100644
--- a/src/indieauth.rs
+++ b/src/indieauth.rs
@@ -141,7 +141,7 @@ where
         next: Next<'_, ApplicationState<B>>,
     ) -> Result {
         req.set_ext(User::new(
-            "http://localhost:8080/",
+            "https://localhost:8080/",
             "https://curl.haxx.se/",
             "create update delete undelete media",
         ));