Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RedirectRule not respecting configured scheme #41707

Open
1 task done
ADBailey opened this issue May 17, 2022 · 4 comments · Fixed by #41745
Open
1 task done

RedirectRule not respecting configured scheme #41707

ADBailey opened this issue May 17, 2022 · 4 comments · Fixed by #41745
Assignees
@adityamandaleeka
Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions investigate
Milestone
6.0.x

Comments

@ADBailey
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When using Microsoft.AspNetCore.Rewrite to configure a Redirect, the scheme configured in the redirect is ignored and replaced with the scheme that was used for the original request. For example, a redirect rule to http://www.example.com will actually redirect to https://www.example.com if your endpoint was served over HTTPS, while a redirect rule to https://www.example.com will actually redirect to http://www.example.com if your endpoint was served over HTTP.

This was a breaking change for us on moving from .NET Core 3.1 to .NET 6.

The behaviour occurs at line 100 of RedirectRule, and appears to have been introduced in this commit of 21st April 2021.

Expected Behavior

The scheme configured in the redirect should be respected, as in .NET Core 3.1, to continue to allow redirects to URLs with a different scheme to the receiving endpoint.

Steps To Reproduce

In ASP.NET Core middleware configuration/start-up (e.g. on the vanilla ASP.NET Core Web API template in Visual Studio):

var options = new RewriteOptions().AddRedirect("test", "http://www.example.com");
app.UseRewriter(options);

Now, when running locally over HTTPS, send a request to https://localhost:[port]/test. An HTTP 302 is returned with the header location: https://www.example.com, despite the configuration.

Equivalently, replace http://www.example.com in the configuration with https://www.example.com and access over HTTP at http://localhost:[port]/test. An HTTP 302 is returned with the header location: http://www.example.com, despite the configuration.

Exceptions (if any)

No response

.NET Version

6.0.203

Anything else?

ASP.NET Core runtime version 6.0.5.
@mjb95
Copy link

mjb95 commented May 17, 2022

I am seeing the same issue.

@adityamandaleeka adityamandaleeka added this to the 7.0-preview6 milestone May 18, 2022
@adityamandaleeka
Copy link
Member

Thanks, we'll investigate this.

@adityamandaleeka adityamandaleeka self-assigned this May 19, 2022
@adityamandaleeka adityamandaleeka mentioned this issue May 19, 2022
Merged
@adityamandaleeka
Copy link
Member

Reopening to consider for servicing.

@adityamandaleeka adityamandaleeka modified the milestones: 7.0-preview5, 6.0.x May 19, 2022
@alons1
Copy link

alons1 commented Aug 9, 2023

I'm facing a similar issue with .NET core 6
I have an IIS rewrite rule and when I access my webAPI under that rule and one of it's methods is trying to redirect to an external url, it replaces the external hostname with the current one.

Any workaround?

@amcasey amcasey added area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions and removed area-runtime labels Aug 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adityamandaleeka adityamandaleeka

Labels
area-networking Includes servers, yarp, json patch, bedrock, websockets, http client factory, and http abstractions investigate
Projects
None yet
Milestone
6.0.x
Development

Successfully merging a pull request may close this issue.

Make RedirectRule honor specified scheme adityamandaleeka/aspnetcore
6 participants
@adityamandaleeka @ADBailey @mjb95 @javiercn @amcasey @alons1