From c3625aed872e46092b3766df19b9b6fca2a7553a Mon Sep 17 00:00:00 2001 From: Jeavon Leopold Date: Thu, 28 Oct 2021 14:57:26 +0100 Subject: [PATCH] Fix the basehttpheader so that it's checking the root of the domain instead of /umbraco --- .../Checks/Security/BaseHttpHeaderCheck.cs | 28 ++++++++++--------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs b/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs index fea674e12327..1c5aa308ba99 100644 --- a/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs +++ b/src/Umbraco.Web/HealthCheck/Checks/Security/BaseHttpHeaderCheck.cs @@ -14,8 +14,8 @@ namespace Umbraco.Web.HealthCheck.Checks.Security { public abstract class BaseHttpHeaderCheck : HealthCheck { - protected IRuntimeState Runtime { get; } - protected ILocalizedTextService TextService { get; } + private readonly ILocalizedTextService _textService; + private readonly IRuntimeState _runtime; private const string SetHeaderInConfigAction = "setHeaderInConfig"; @@ -24,14 +24,14 @@ public abstract class BaseHttpHeaderCheck : HealthCheck private readonly string _localizedTextPrefix; private readonly bool _metaTagOptionAvailable; + protected BaseHttpHeaderCheck( IRuntimeState runtime, ILocalizedTextService textService, string header, string value, string localizedTextPrefix, bool metaTagOptionAvailable) { - Runtime = runtime; - TextService = textService ?? throw new ArgumentNullException(nameof(textService)); - + _runtime = runtime; + _textService = textService ?? throw new ArgumentNullException(nameof(textService)); _header = header; _value = value; _localizedTextPrefix = localizedTextPrefix; 
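Review bot: Replacing the `protected` `Runtime` and `TextService` properties with private fields removes members from a public abstract class, which breaks any derived health check that reads them. Whether such a subclass exists is not visible in this patch, so the safer form keeps the accessors and backs them with the new fields: `protected IRuntimeState Runtime => _runtime;` and `protected ILocalizedTextService TextService => _textService;`. If they are meant to go away, marking them `[Obsolete]` first gives implementers a release to migrate. The class body continues outside this hunk.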
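Review bot: The constructor guards `textService` against null but stores `runtime` unchecked in `_runtime = runtime;`, and a later hunk of this patch dereferences `_runtime.ApplicationUrl` in `CheckForHeader`. A null argument would then surface as a `NullReferenceException` when the check runs, not at construction. Guarding it the same way keeps the two parameters consistent: `_runtime = runtime ?? throw new ArgumentNullException(nameof(runtime));`. The constructor body continues outside this hunk.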
@@ -70,7 +70,8 @@ protected HealthCheckStatus CheckForHeader() var success = false; // Access the site home page and check for the click-jack protection header or meta tag - var url = Runtime.ApplicationUrl; + var url = _runtime.ApplicationUrl.GetLeftPart(UriPartial.Authority); + var request = WebRequest.Create(url); request.Method = "GET"; try @@ -84,15 +85,16 @@ protected HealthCheckStatus CheckForHeader() if (success == false && _metaTagOptionAvailable) { success = DoMetaTagsContainKeyForHeader(response); + } message = success - ? TextService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderFound") - : TextService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderNotFound"); + ? _textService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderFound") + : _textService.Localize($"healthcheck", $"{_localizedTextPrefix}CheckHeaderNotFound"); } catch (Exception ex) { - message = TextService.Localize("healthcheck", "healthCheckInvalidUrl", new[] { url.ToString(), ex.Message }); + message = _textService.Localize("healthcheck", "healthCheckInvalidUrl", new[] { url.ToString(), ex.Message }); } var actions = new List(); @@ -100,8 +102,8 @@ protected HealthCheckStatus CheckForHeader() { actions.Add(new HealthCheckAction(SetHeaderInConfigAction, Id) { - Name = TextService.Localize("healthcheck", "setHeaderInConfig"), - Description = TextService.Localize($"healthcheck", $"{_localizedTextPrefix}SetHeaderInConfigDescription") + Name = _textService.Localize("healthcheck", "setHeaderInConfig"), + Description = _textService.Localize($"healthcheck", $"{_localizedTextPrefix}SetHeaderInConfigDescription") }); } 
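Review bot: `_runtime.ApplicationUrl.GetLeftPart(UriPartial.Authority)` and `WebRequest.Create(url)` both run before the `try`, so a null `ApplicationUrl` (nothing in the visible lines guards it) or a malformed value throws out of `CheckForHeader` instead of producing the `healthCheckInvalidUrl` status built in the catch block. Returning an error status early when `ApplicationUrl` is null, or moving both statements inside the `try` with `url` declared beforehand, keeps the failure in the health-check result. Because the probe now requests only the site root, a comment such as `// Only the authority root is requested; headers applied per path (e.g. the backoffice) are not verified here` would stop a pass from being read as coverage for every path. The method body continues outside this hunk.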
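Review bot: In the catch block, `url.ToString()` is now a no-op because `GetLeftPart` already returns a string, so the argument array can be written `new[] { url, ex.Message }`. The `$"healthcheck"` literals on the new `Localize` lines are interpolated strings with no placeholders, and plain `"healthcheck"` would match the catch-block call. The same `$"healthcheck"` form recurs on the `Description` line of the next hunk.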
@@ -149,14 +151,14 @@ private HealthCheckStatus SetHeaderInConfig() if (success) { return - new HealthCheckStatus(TextService.Localize("healthcheck", _localizedTextPrefix + "SetHeaderInConfigSuccess")) + new HealthCheckStatus(_textService.Localize("healthcheck", _localizedTextPrefix + "SetHeaderInConfigSuccess")) { ResultType = StatusResultType.Success }; } return - new HealthCheckStatus(TextService.Localize("healthcheck", "setHeaderInConfigError", new [] { errorMessage })) + new HealthCheckStatus(_textService.Localize("healthcheck", "setHeaderInConfigError", new [] { errorMessage })) { ResultType = StatusResultType.Error };