From e217364a46c96240af46cb40da4619b85c370e1a Mon Sep 17 00:00:00 2001
From: Jarek Radosz <jradosz@gmail.com>
Date: Wed, 24 Nov 2021 12:52:25 +0100
Subject: [PATCH] DEV: Fix ember-cli proxy issues (#15071)

* DEV: Fix ember-cli proxy compat with node < 16
* DEV: Fix uploading via ember-cli
* DEV: Fix proxying /logs & other CSP-enabled pages
---
 .../discourse/lib/bootstrap-json/index.js     | 32 ++++++++++++++-----
 1 file changed, 24 insertions(+), 8 deletions(-)

diff --git a/app/assets/javascripts/discourse/lib/bootstrap-json/index.js b/app/assets/javascripts/discourse/lib/bootstrap-json/index.js
index 86f346d34cf..8d25e0c03b8 100644
--- a/app/assets/javascripts/discourse/lib/bootstrap-json/index.js
+++ b/app/assets/javascripts/discourse/lib/bootstrap-json/index.js
@@ -6,7 +6,7 @@ const getJSON = bent("json");
 const { encode } = require("html-entities");
 const cleanBaseURL = require("clean-base-url");
 const path = require("path");
-const fs = require("fs/promises");
+const { promises: fs } = require("fs");
 
 // via https://stackoverflow.com/a/6248722/165668
 function generateUID() {
@@ -240,13 +240,19 @@ async function handleRequest(proxy, baseURL, req, res) {
 
   const { location } = response.headers;
   if (location) {
-    const newLocation = location
-      .replace(req.headers.host, originalHost)
-      .replace(/^https/, "http");
-
+    const newLocation = location.replace(proxy, `http://${originalHost}`);
     res.set("location", newLocation);
   }
 
+  const csp = response.headers["content-security-policy"];
+  if (csp) {
+    const newCSP = csp.replace(
+      new RegExp(proxy, "g"),
+      `http://${originalHost}`
+    );
+    res.set("content-security-policy", newCSP);
+  }
+
   if (response.headers["x-discourse-bootstrap-required"] === "true") {
     const html = await buildFromBootstrap(proxy, baseURL, req, response);
     res.set("content-type", "text/html");
@@ -280,7 +286,9 @@ to serve API requests. For example:
 
     baseURL = rootURL === "" ? "/" : cleanBaseURL(rootURL || baseURL);
 
-    app.use(express.raw({ type: "*/*" }), async (req, res, next) => {
+    const rawMiddleware = express.raw({ type: "*/*", limit: "100mb" });
+
+    app.use(rawMiddleware, async (req, res, next) => {
       try {
         if (this.shouldHandleRequest(req)) {
           await handleRequest(proxy, baseURL, req, res);
@@ -301,12 +309,20 @@ to serve API requests. For example:
   },
 
   shouldHandleRequest(request) {
-    if (request.get("Accept")?.includes("text/html")) {
+    if (request.get("Accept") && request.get("Accept").includes("text/html")) {
       return true;
     }
 
     if (
-      request.get("Content-Type")?.includes("application/x-www-form-urlencoded")
+      request.get("Content-Type") &&
+      request.get("Content-Type").includes("application/x-www-form-urlencoded")
+    ) {
+      return true;
+    }
+
+    if (
+      request.get("Content-Type") &&
+      request.get("Content-Type").includes("multipart/form-data")
     ) {
       return true;
     }