From c2327161f725c820826587381f37d651a2b9736d Mon Sep 17 00:00:00 2001 From: Matthew Holt Date: Sat, 19 Mar 2022 22:51:32 -0600 Subject: [PATCH] cmd: Set Origin header properly on API requests Ref. https://caddy.community/t/bug-in-enforce-origin/15417 --- cmd/commandfuncs.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cmd/commandfuncs.go b/cmd/commandfuncs.go index d308aeb8a..332374013 100644 --- a/cmd/commandfuncs.go +++ b/cmd/commandfuncs.go @@ -650,13 +650,13 @@ func AdminAPIRequest(adminAddr, method, uri string, headers http.Header, body io if err != nil || parsedAddr.PortRangeSize() > 1 { return nil, fmt.Errorf("invalid admin address %s: %v", adminAddr, err) } - origin := parsedAddr.JoinHostPort(0) + origin := "http://" + parsedAddr.JoinHostPort(0) if parsedAddr.IsUnixNetwork() { origin = "unixsocket" // hack so that http.NewRequest() is happy } // form the request - req, err := http.NewRequest(method, "http://"+origin+uri, body) + req, err := http.NewRequest(method, origin+uri, body) if err != nil { return nil, fmt.Errorf("making request: %v", err) }