Fix redirect on login for instances behind reverse proxies (#6371)

* Fix redirect on login for instances On instances where base_url has been set for use behind a reverse proxy, logins are incorrectly redirected. This happens because REQUEST_URI is set by the proxy: 1. librenms has base_url set to http://site.com/nms/ 2. Browser requests http://site.com/nms/ 3. nginx reverse proxies /nms/ to librenms at http://somehost:1234/ 4. librenms sees REQUEST_URI as "/" 5. librenms logs the user in, but sends "Location: /" to the browser. This redirects to the wrong location. To resolve, concatenate REQUEST_URI (which is relative) to base_url. As base_url is slash-terminated, crop the trailing slash. This should have no effect on users with default settings and will correctly redirect instances behind reverse proxies. * I agree to the conditions of the Contributor Agreement contained in doc/General/Contributing.md. * Adding comment explaining redirect logic on login * Use rtrim instead of substr
2024-10-07 16:52:45 +00:00 · 2017-04-06 04:11:39 -05:00
parent 699e99e795
commit 02017068e7
2 changed files with 3 additions and 1 deletions
--- a/html/includes/authenticate.inc.php
+++ b/html/includes/authenticate.inc.php
@@ -96,7 +96,8 @@ if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token

        $permissions = permissions_cache($_SESSION['user_id']);
        if (isset($_POST['username'])) {
-            header('Location: '.$_SERVER['REQUEST_URI'] ?: $config['base_url'], true, 303);
+            // Trim the trailing slash off of base_url and concatenate the (relative) REQUEST_URI
+            header('Location: '.rtrim($config['base_url'], '/').$_SERVER['REQUEST_URI'], true, 303);
            exit;
        }
    } elseif (isset($_SESSION['username'])) {