Skip to content

Commit 7817814

Browse files
committed
fix: allow internal metrics scrapes without ssl redirect
1 parent 47dffd1 commit 7817814

2 files changed

Lines changed: 23 additions & 0 deletions

File tree

config/prod.exs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ config :codex_pooler, CodexPoolerWeb.Endpoint,
88
rewrite_on: [:x_forwarded_host, :x_forwarded_port, :x_forwarded_proto],
99
exclude: [
1010
hosts: ["localhost", "127.0.0.1"],
11+
paths: ["/metrics"],
1112
conn: {CodexPoolerWeb.Plugs.ForwardedSSL, :websocket_over_forwarded_ssl?, []}
1213
]
1314
]

test/codex_pooler_web/controllers/browser/browser_security_headers_test.exs

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -93,6 +93,17 @@ defmodule CodexPoolerWeb.Browser.BrowserSecurityHeadersTest do
9393
refute conn.status == 301
9494
end
9595

96+
test "production Plug.SSL allows internal metrics scrapes without redirecting" do
97+
opts = Plug.SSL.init(production_force_ssl_options!())
98+
99+
conn = build_conn(:get, "/metrics")
100+
101+
conn = Plug.SSL.call(conn, opts)
102+
103+
refute conn.halted
104+
refute conn.status == 301
105+
end
106+
96107
test "Plug.SSL still redirects non-websocket forwarded HTTP requests" do
97108
opts =
98109
Plug.SSL.init(
@@ -163,4 +174,15 @@ defmodule CodexPoolerWeb.Browser.BrowserSecurityHeadersTest do
163174

164175
defp restore_env(key, nil), do: Application.delete_env(:codex_pooler, key)
165176
defp restore_env(key, value), do: Application.put_env(:codex_pooler, key, value)
177+
178+
defp production_force_ssl_options! do
179+
endpoint_config =
180+
File.cwd!()
181+
|> Path.join("config/prod.exs")
182+
|> Config.Reader.read!()
183+
|> Keyword.fetch!(:codex_pooler)
184+
|> Keyword.fetch!(CodexPoolerWeb.Endpoint)
185+
186+
Keyword.fetch!(endpoint_config, :force_ssl)
187+
end
166188
end

0 commit comments

Comments
 (0)