plone/volto

Middleware proxy doesn't change the host header so can't be used with an API on a shared IP

djay opened this issue · 2 comments

djay commented

Describe the bug
The middleware proxy in volto breaks with a connection refused if you the api path is set to api that uses the host header to direct the request.

To Reproduce

  1. Deploy the plone backend behind a proxy that uses a host header to direct the request. Say api.myapp
  2. Deploy the volto frontend to www.myapp and set the RAZZLE_API_PATH=https://api.myapp
  3. Requests to https://api.myapp/++api++ will fail (because they will be sent with "Host: www.myapp" not "Host: api.myapp".

Expected behavior

Set the right host header.

volto/packages/volto/src/express-middleware/devproxy.js

Line 49 in a34da0b

onProxyReq: (proxyReq, req, res) => {

Should also probably set X-Forwarded-Host etc - https://jdudzik.medium.com/posthog-reverse-proxy-with-node-express-js-480c1372f608

Screenshots
N/A

Software (please complete the following information):

  • OS: [e.g. iOS]
  • Browser [e.g. chrome, safari]
  • Volto Version [e.g. 8.5.0]
  • Plone Version [e.g. 5.2.2]
  • Plone REST API Version [e.g. 7.0.1]

Additional context
Add any other context about the problem here.

viveak910 commented

I can work on this issue

viveak910 commented

Hey, I fixed the issue with the Host header! The problem was that the proxy was sending requests with the wrong Host, so I updated the onProxyReq function to set it correctly to the API backend (api.myapp). Now, requests are going to the right place, and the “connection refused” error should be gone.

Let me know if it works for you!