From 5300f381b000417027c148f1de6596324fbca814 Mon Sep 17 00:00:00 2001
From: teutat3s <teutates@mailbox.org>
Date: Wed, 16 Oct 2024 15:37:44 +0200
Subject: [PATCH] nginx: use safer request_uri variable

Fix >> Problem: [http_splitting] Possible HTTP-Splitting vulnerability.
https://github.com/yandex/gixy/blob/master/docs/en/plugins/httpsplitting.md
---
 modules/nginx-mastodon-files/default.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/nginx-mastodon-files/default.nix b/modules/nginx-mastodon-files/default.nix
index a4ddca4..8a62d35 100644
--- a/modules/nginx-mastodon-files/default.nix
+++ b/modules/nginx-mastodon-files/default.nix
@@ -44,7 +44,7 @@ in
             proxy_hide_header x-amz-bucket-region;
             proxy_hide_header x-amzn-requestid;
             proxy_ignore_headers Set-Cookie;
-            proxy_pass $s3_backend$uri;
+            proxy_pass $s3_backend$request_uri;
             proxy_intercept_errors off;
             proxy_ssl_protocols TLSv1.2 TLSv1.3;
             proxy_ssl_server_name on;