From 493dd6726def8ec8d18cfb691e4eaabc16e2c89a Mon Sep 17 00:00:00 2001
From: Manuel Alejandro de Brito Fontes <aledbf@gmail.com>
Date: Sun, 27 Sep 2020 20:26:39 -0300
Subject: [PATCH] Replace request_uri

---
 rootfs/etc/nginx/lua/lua_ingress.lua      | 10 ++++++++--
 rootfs/etc/nginx/template/nginx.tmpl      | 21 +++++++++++++++------
 test/e2e/annotations/forcesslredirect.go  |  2 +-
 test/e2e/annotations/fromtowwwredirect.go |  6 +++---
 test/e2e/settings/tls.go                  |  6 +++---
 test/e2e/ssl/http_redirect.go             |  2 +-
 6 files changed, 31 insertions(+), 16 deletions(-)

diff --git a/rootfs/etc/nginx/lua/lua_ingress.lua b/rootfs/etc/nginx/lua/lua_ingress.lua
index 49355da7b..dd847cbb4 100644
--- a/rootfs/etc/nginx/lua/lua_ingress.lua
+++ b/rootfs/etc/nginx/lua/lua_ingress.lua
@@ -145,11 +145,17 @@ function _M.rewrite(location_config)
   end
 
   if redirect_to_https(location_config) then
-    local uri = string_format("https://%s%s", redirect_host(), ngx.var.request_uri)
+    local request_uri = ngx.var.request_uri
+    -- do not append a trailing slash on redirects
+    if string.sub(request_uri, -1) == "/" then
+      request_uri = string.sub(request_uri, 1, -2)
+    end
+
+    local uri = string_format("https://%s%s", redirect_host(), request_uri)
 
     if location_config.use_port_in_redirects then
       uri = string_format("https://%s:%s%s", redirect_host(),
-        config.listen_ports.https, ngx.var.request_uri)
+        config.listen_ports.https, request_uri)
     end
 
     ngx_redirect(uri, config.http_redirect_code)
diff --git a/rootfs/etc/nginx/template/nginx.tmpl b/rootfs/etc/nginx/template/nginx.tmpl
index 1091a06d3..989d7c47a 100755
--- a/rootfs/etc/nginx/template/nginx.tmpl
+++ b/rootfs/etc/nginx/template/nginx.tmpl
@@ -554,12 +554,21 @@ http {
         }
         {{ end }}
 
-        {{ if ne $all.ListenPorts.HTTPS 443 }}
-        {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }}
-        return {{ $all.Cfg.HTTPRedirectCode }} $scheme://{{ $redirect.To }}{{ $redirect_port }}$request_uri;
-        {{ else }}
-        return {{ $all.Cfg.HTTPRedirectCode }} $scheme://{{ $redirect.To }}$request_uri;
-        {{ end }}
+        set_by_lua_block $redirect_to {
+            local request_uri = ngx.var.request_uri
+            if string.sub(request_uri, -1) == "/" then
+                request_uri = string.sub(request_uri, 1, -2)
+            end
+
+            {{ if ne $all.ListenPorts.HTTPS 443 }}
+            {{ $redirect_port := (printf ":%v" $all.ListenPorts.HTTPS) }}
+            return string.format("%s://%s%s%s", ngx.var.scheme, "{{ $redirect.To }}", "{{ $redirect_port }}", request_uri)
+            {{ else }}
+            return string.format("%s://%s%s", ngx.var.scheme, "{{ $redirect.To }}", request_uri)
+            {{ end }}
+        }
+
+        return {{ $all.Cfg.HTTPRedirectCode }} $redirect_to;
     }
     ## end server {{ $redirect.From }}
     {{ end }}
diff --git a/test/e2e/annotations/forcesslredirect.go b/test/e2e/annotations/forcesslredirect.go
index 229127cf1..8fa2e8f60 100644
--- a/test/e2e/annotations/forcesslredirect.go
+++ b/test/e2e/annotations/forcesslredirect.go
@@ -46,6 +46,6 @@ var _ = framework.DescribeAnnotation("force-ssl-redirect", func() {
 			WithHeader("Host", host).
 			Expect().
 			Status(http.StatusPermanentRedirect).
-			Header("Location").Equal("https://forcesslredirect.bar.com/")
+			Header("Location").Equal("https://forcesslredirect.bar.com")
 	})
 })
diff --git a/test/e2e/annotations/fromtowwwredirect.go b/test/e2e/annotations/fromtowwwredirect.go
index 6cdfb8b6a..4fb1763b2 100644
--- a/test/e2e/annotations/fromtowwwredirect.go
+++ b/test/e2e/annotations/fromtowwwredirect.go
@@ -49,7 +49,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 		f.WaitForNginxConfiguration(
 			func(cfg string) bool {
 				return strings.Contains(cfg, `server_name www.fromtowwwredirect.bar.com;`) &&
-					strings.Contains(cfg, `return 308 $scheme://fromtowwwredirect.bar.com$request_uri;`)
+					strings.Contains(cfg, `return 308 $redirect_to;`)
 			})
 
 		ginkgo.By("sending request to www.fromtowwwredirect.bar.com")
@@ -85,7 +85,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 		f.WaitForNginxServer(toHost,
 			func(server string) bool {
 				return strings.Contains(server, fmt.Sprintf(`server_name %v;`, toHost)) &&
-					strings.Contains(server, fmt.Sprintf(`return 308 $scheme://%v$request_uri;`, fromHost))
+					strings.Contains(server, `return 308 $redirect_to;`)
 			})
 
 		ginkgo.By("sending request to www should redirect to domain")
@@ -98,7 +98,7 @@ var _ = framework.DescribeAnnotation("from-to-www-redirect", func() {
 			WithHeader("Host", toHost).
 			Expect().
 			Status(http.StatusPermanentRedirect).
-			Header("Location").Equal(fmt.Sprintf("https://%v/", fromHost))
+			Header("Location").Equal(fmt.Sprintf("https://%v", fromHost))
 
 		ginkgo.By("sending request to domain should not redirect to www")
 		f.HTTPTestClientWithTLSConfig(&tls.Config{
diff --git a/test/e2e/settings/tls.go b/test/e2e/settings/tls.go
index 2b8b098c8..33e200de0 100644
--- a/test/e2e/settings/tls.go
+++ b/test/e2e/settings/tls.go
@@ -196,7 +196,7 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 			// we can not use gorequest here because it flattens the duplicate headers
 			// and specifically in case of Strict-Transport-Security it ignore extra headers
 			// intead of concatenating, rightfully. And I don't know of any API it provides for getting raw headers.
-			curlCmd := fmt.Sprintf("curl -I -k --fail --silent --resolve settings-tls:443:127.0.0.1 https://settings-tls/%v", "?hsts=true")
+			curlCmd := fmt.Sprintf("curl -I -k --fail --silent --resolve settings-tls:443:127.0.0.1 https://settings-tls%v", "?hsts=true")
 			output, err := f.ExecIngressPod(curlCmd)
 			assert.Nil(ginkgo.GinkgoT(), err)
 			assert.Contains(ginkgo.GinkgoT(), output, "strict-transport-security: max-age=86400; preload")
@@ -222,7 +222,7 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				WithHeader("Host", host).
 				Expect().
 				Status(http.StatusPermanentRedirect).
-				Header("Location").Equal(fmt.Sprintf("https://%v/", host))
+				Header("Location").Equal(fmt.Sprintf("https://%v", host))
 		})
 
 		ginkgo.It("should not use ports or X-Forwarded-Host during the HTTP to HTTPS redirection", func() {
@@ -243,7 +243,7 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 				WithHeader("X-Forwarded-Host", "example.com:80").
 				Expect().
 				Status(http.StatusPermanentRedirect).
-				Header("Location").Equal("https://example.com/")
+				Header("Location").Equal("https://example.com")
 		})
 	})
 
diff --git a/test/e2e/ssl/http_redirect.go b/test/e2e/ssl/http_redirect.go
index 4ccd9335b..5968397cb 100644
--- a/test/e2e/ssl/http_redirect.go
+++ b/test/e2e/ssl/http_redirect.go
@@ -54,6 +54,6 @@ var _ = framework.IngressNginxDescribe("[SSL] redirect to HTTPS", func() {
 			WithHeader("Host", host).
 			Expect().
 			Status(http.StatusPermanentRedirect).
-			Header("Location").Equal("https://redirect.com/")
+			Header("Location").Equal("https://redirect.com")
 	})
 })