Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore Cloudflare Priority header #851

Merged
merged 2 commits into from
Sep 24, 2023
Merged

Ignore Cloudflare Priority header #851

merged 2 commits into from
Sep 24, 2023

Conversation

gusdleon
Copy link
Contributor

@gusdleon gusdleon commented Aug 29, 2023
edited
Loading

Refine handling of HTTP Priority header

Part of: #351, #353, #461, ...

This PR improves the handling of the new HTTP Priority header (RFC 9218) commonly affecting ntfy instances running behind Cloudflare.

Changes:

  • Now if the received PUT/POST request contains the mentioned header simply ignores it and continues searching for another header or query parameter
  • This PR reverts some changes in 95bd876

A working instance with this fix can be tested Here
😀

@gusdleon
Ignore Cloudflare Priority header
30a913c 
With these changes, If the web request contains the new Priority header (RFC 9218), The server will ignore it and continue searching for other headers or query parameters.
@danricho
Copy link

danricho commented Sep 1, 2023

+1 for this as it would enable me to use NTFY with Uptime Kuma behind cloudflare. It inherently sets the priority of alerts which don’t come through on iOS properly.

binwiederhier
binwiederhier requested changes Sep 3, 2023
View reviewed changes
server/util.go Outdated Show resolved Hide resolved
server/util.go Show resolved Hide resolved
server/util.go Outdated
}
return decoded
return cloudflarePriorityIgnore(decoded)
Copy link
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This function is used not just by the priority, but also by other headers. So one could not use a notification title u=hello anymore. Why not keep this logic only in the parsePrio function like it was before?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry sorry sorry 🤯
Sorry for the error, I was so focussed trying to solve specifically the problem with the CF priority header that I didn't think about the possibility of another header having a value starting with u=, even knowing this function is used with with all headers.

Why not keep this logic only in the parsePrio function like it was before?

You mean this?

ntfy/util/util.go

Lines 163 to 170 in 2305ebc

default:
// Ignore new HTTP Priority header (see https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-priority)
// Cloudflare adds this to requests when forwarding to the backend (ntfy), so we just ignore it.
if strings.HasPrefix(p, "u=") {
return 3, nil
}
return 0, errInvalidPriority
}

Well, if you're referring to that part of the code, it's because at that point of execution, we have already parsed the headers and query parameters. If we find any priority header (priority, x-priority, prio, p), the others will not even be read, including the query parameters.

For instance, if a user is using the web interface to send a notification with priority 5, the request will include a query string like this:
?title=titulodeprueba&priority=5

If we send the request directly to the server, all will be ok, it will work, but if the server is behind CF, it will (in the majority of cases) have the priority:"u=*" header, causing the priority set in the query parameter to be ignored.

Nevertheless, I am fixing this issue in my next commit.
Thank you for all your comments.
😉

@gusdleon
Fix cloudflarePriorityIgnore
85740d8 
- Now, only if the header being processed is the "priority" header, the cloudflarePriorityIgnore function is called, solving problems with that header injected by CF
- we make the check with regex now.
@binwiederhier binwiederhier merged commit 4818ee5 into binwiederhier:main Sep 24, 2023
@binwiederhier
Copy link
Owner

Refined and merged in #895 - Sorry it took so long. Thank you for fixing this!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@binwiederhier binwiederhier Awaiting requested review from binwiederhier

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gusdleon @danricho @binwiederhier