From 3a2c92f08eac8cd8f50356ff288e40a28636ee42 Mon Sep 17 00:00:00 2001
From: klyubin <klyubin@gmail.com>
Date: Wed, 19 Mar 2025 10:46:32 -0600
Subject: [PATCH] web: support Host 100.100.100.100:80 in tailscaled web server

This makes the web server running inside tailscaled on 100.100.100.100:80 support requests with `Host: 100.100.100.100:80` and its IPv6 equivalent.

Prior to this commit, the web server replied to such requests with a redirect to the node's Tailscale IP:5252.

Fixes https://github.com/tailscale/tailscale/issues/14415

Signed-off-by: Alex Klyubin <klyubin@gmail.com>
---
 client/web/web.go      |  3 ++-
 client/web/web_test.go | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/client/web/web.go b/client/web/web.go
index e9810ccd0..6eccdadcf 100644
--- a/client/web/web.go
+++ b/client/web/web.go
@@ -335,7 +335,8 @@ func (s *Server) requireTailscaleIP(w http.ResponseWriter, r *http.Request) (han
 		ipv6ServiceHost = "[" + tsaddr.TailscaleServiceIPv6String + "]"
 	)
 	// allow requests on quad-100 (or ipv6 equivalent)
-	if r.Host == ipv4ServiceHost || r.Host == ipv6ServiceHost {
+	host := strings.TrimSuffix(r.Host, ":80")
+	if host == ipv4ServiceHost || host == ipv6ServiceHost {
 		return false
 	}
 
diff --git a/client/web/web_test.go b/client/web/web_test.go
index 291356260..334b403a6 100644
--- a/client/web/web_test.go
+++ b/client/web/web_test.go
@@ -1177,6 +1177,16 @@ func TestRequireTailscaleIP(t *testing.T) {
 			target:      "http://[fd7a:115c:a1e0::53]/",
 			wantHandled: false,
 		},
+		{
+			name:        "quad-100:80",
+			target:      "http://100.100.100.100:80/",
+			wantHandled: false,
+		},
+		{
+			name:        "ipv6-service-addr:80",
+			target:      "http://[fd7a:115c:a1e0::53]:80/",
+			wantHandled: false,
+		},
 	}
 
 	for _, tt := range tests {