From 918bcd6d8efca57e6ff7596c64a9834482641d29 Mon Sep 17 00:00:00 2001
From: Hans Zandbelt
Date: Wed, 28 Aug 2024 11:21:38 +0200
Subject: [PATCH] add some resilience when both Forwarded and X-Forwarded-* are configured
Signed-off-by: Hans Zandbelt
---
 ChangeLog | 1 +
 src/util.c | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a5513d65..a55b25bd 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,7 @@
 08/28/2024
 - re-introduce OIDCSessionMaxDuration 0; see #1252
 - bump to 2.4.16.2dev
+- add some resilience when both Forwarded and X-Forwarded-* are configured
 08/26/2024
 - fix parsing OIDCXForwardedHeaders; closes #1250; thanks @maltesmann
diff --git a/src/util.c b/src/util.c
index 4386f8b6..8b21bc9d 100644
--- a/src/util.c
+++ b/src/util.c
@@ -653,7 +653,7 @@ static const char *oidc_util_current_url_scheme(const request_rec *r, oidc_hdr_x
 if (x_forwarded_headers & OIDC_HDR_FORWARDED)
 scheme_str = oidc_http_hdr_forwarded_get(r, "proto");
- else if (x_forwarded_headers & OIDC_HDR_X_FORWARDED_PROTO)
+ if ((scheme_str == NULL) && (x_forwarded_headers & OIDC_HDR_X_FORWARDED_PROTO))
 scheme_str = oidc_http_hdr_in_x_forwarded_proto_get(r);
 /* if not we'll determine the scheme used to connect to this server */
@@ -722,7 +722,7 @@ static const char *oidc_get_current_url_port(const request_rec *r, const char *s
 if (x_forwarded_headers & OIDC_HDR_FORWARDED)
 host_hdr = oidc_http_hdr_forwarded_get(r, "host");
- else if (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST)
+ if ((host_hdr == NULL) && (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST))
 host_hdr = oidc_http_hdr_in_x_forwarded_host_get(r);
 if (host_hdr) {
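Review bot: With both header families enabled, each lookup now falls back on its own, so a single request can end up with `proto` taken from `Forwarded` and the host taken from `X-Forwarded-Host`; the same pattern is repeated in the `oidc_get_current_url_port` and `oidc_util_current_url_host` hunks. The precedence is not stated in the new code, so I would add above each pair `/* Forwarded takes precedence; X-Forwarded-* is consulted only when Forwarded yields no value */`. These values presumably feed the computed current URL, so the comment (or the OIDCXForwardedHeaders documentation) should also say that the fronting proxy is expected to set or strip every header family that is enabled, because an X-Forwarded-* header the proxy does not manage now takes effect whenever the `Forwarded` element is missing. The fallback tests only for `NULL`; whether `oidc_http_hdr_forwarded_get` can return an empty string is not visible here and is worth checking. All three function bodies start and end outside their hunks.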
@@ -782,7 +782,7 @@ const char *oidc_util_current_url_host(request_rec *r, oidc_hdr_x_forwarded_t x_
 if (x_forwarded_headers & OIDC_HDR_FORWARDED)
 host_str = oidc_http_hdr_forwarded_get(r, "host");
- else if (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST)
+ if ((host_str == NULL) && (x_forwarded_headers & OIDC_HDR_X_FORWARDED_HOST))
 host_str = oidc_http_hdr_in_x_forwarded_host_get(r);
 if (host_str == NULL)