aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Lin <[email protected]>2021-12-29 18:01:32 -0800
committerJeremy Lin <[email protected]>2021-12-30 23:06:52 -0800
commitb7eedbcddc5bc52391472329fa6a43a2c9ae0a94 (patch)
treef190168335c0ee8436d55e61f6d7cd58729c0731
parent920371929bc89f5000d26c55b834148b32c8058f (diff)
downloadvaultwarden-b7eedbcddc5bc52391472329fa6a43a2c9ae0a94.tar.gz
vaultwarden-b7eedbcddc5bc52391472329fa6a43a2c9ae0a94.zip
Add config option to set the HTTP redirect code for external icons
The default code is 307 (temporary) to make it easier to test different icon services, but once a service has been decided on, users should ideally switch to using permanent redirects for cacheability.
-rw-r--r--.env.template9
-rw-r--r--src/api/icons.rs9
-rw-r--r--src/config.rs13
3 files changed, 28 insertions, 3 deletions
diff --git a/.env.template b/.env.template
index 7fcbbfcb..fecac220 100644
--- a/.env.template
+++ b/.env.template
@@ -135,13 +135,20 @@
## which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
##
## `internal` refers to Vaultwarden's built-in icon fetching implementation.
-## If an external service is set, an icon request to Vaultwarden will return an HTTP 307
+## If an external service is set, an icon request to Vaultwarden will return an HTTP
## redirect to the corresponding icon at the external service. An external service may
## be useful if your Vaultwarden instance has no external network connectivity, or if
## you are concerned that someone may probe your instance to try to detect whether icons
## for certain sites have been cached.
# ICON_SERVICE=internal
+## Icon redirect code
+## The HTTP status code to use for redirects to an external icon service.
+## The supported codes are 307 (temporary) and 308 (permanent).
+## Temporary redirects are useful while testing different icon services, but once a service
+## has been decided on, consider using permanent redirects for cacheability.
+# ICON_REDIRECT_CODE=307
+
## Disable icon downloading
## Set to true to disable icon downloading in the internal icon service.
## This still serves existing icons from $ICON_CACHE_FOLDER, without generating any external
diff --git a/src/api/icons.rs b/src/api/icons.rs
index 3d1de094..4e8c753a 100644
--- a/src/api/icons.rs
+++ b/src/api/icons.rs
@@ -71,7 +71,14 @@ fn icon_redirect(domain: &str, template: &str) -> Option<Redirect> {
}
let url = template.replace("{}", domain);
- Some(Redirect::temporary(url))
+ match CONFIG.icon_redirect_code() {
+ 308 => Some(Redirect::permanent(url)),
+ 307 => Some(Redirect::temporary(url)),
+ _ => {
+ error!("Unexpected redirect code {}", CONFIG.icon_redirect_code());
+ None
+ }
+ }
}
#[get("/<domain>/icon.png")]
diff --git a/src/config.rs b/src/config.rs
index 5bbe8575..9554aee3 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -454,9 +454,14 @@ make_config! {
/// To specify a custom icon service, set a URL template with exactly one instance of `{}`,
/// which is replaced with the domain. For example: `https://icon.example.com/domain/{}`.
/// `internal` refers to Vaultwarden's built-in icon fetching implementation. If an external
- /// service is set, an icon request to Vaultwarden will return an HTTP 307 redirect to the
+ /// service is set, an icon request to Vaultwarden will return an HTTP redirect to the
/// corresponding icon at the external service.
icon_service: String, false, def, "internal".to_string();
+ /// Icon redirect code |> The HTTP status code to use for redirects to an external icon service.
+ /// The supported codes are 307 (temporary) and 308 (permanent).
+ /// Temporary redirects are useful while testing different icon services, but once a service
+ /// has been decided on, consider using permanent redirects for cacheability.
+ icon_redirect_code: u32, true, def, 307;
/// Positive icon cache expiry |> Number of seconds to consider that an already cached icon is fresh. After this period, the icon will be redownloaded
icon_cache_ttl: u64, true, def, 2_592_000;
/// Negative icon cache expiry |> Number of seconds before trying to download an icon that failed again.
@@ -693,6 +698,12 @@ fn validate_config(cfg: &ConfigItems) -> Result<(), Error> {
}
}
+ // Check if the icon redirect code is valid
+ match cfg.icon_redirect_code {
+ 307 | 308 => (),
+ _ => err!("Only HTTP 307/308 redirects are supported"),
+ }
+
Ok(())
}