fix: sanitize host headers before use

# Which Problems Are Solved Host headers used to identify the instance and further used in public responses such as OIDC discovery endpoints, email links and more were not correctly handled. While they were matched against existing instances, they were not properly sanitized. # How the Problems Are Solved Sanitize host header including port validation (if provided). # Additional Changes None # Additional Context - requires backports (cherry picked from commit 72a5c33e6a) (cherry picked from commit 7520450e11)
2025-12-24 01:06:45 +00:00 · 2025-10-29 10:05:37 +01:00
parent 8c81a10f0a
commit d9cd4e9892
9 changed files with 155 additions and 30 deletions
--- a/internal/api/grpc/server/middleware/instance_interceptor.go
+++ b/internal/api/grpc/server/middleware/instance_interceptor.go
@@ -91,11 +91,11 @@ func addInstanceByDomain(ctx context.Context, req interface{}, handler grpc.Unar

 func addInstanceByRequestedHost(ctx context.Context, req interface{}, handler grpc.UnaryHandler, verifier authz.InstanceVerifier, translator *i18n.Translator, externalDomain string) (interface{}, error) {
 	requestContext := zitadel_http.DomainContext(ctx)
-	if requestContext.InstanceHost == "" {
+	if requestContext.InstanceDomain() == "" {
 		logging.WithFields("origin", requestContext.Origin(), "externalDomain", externalDomain).Error("unable to set instance")
 		return nil, status.Error(codes.NotFound, "no instanceHost specified")
 	}
-	instance, err := verifier.InstanceByHost(ctx, requestContext.InstanceHost, requestContext.PublicHost)
+	instance, err := verifier.InstanceByHost(ctx, requestContext.InstanceDomain(), requestContext.RequestedDomain())
 	if err != nil {
 		origin := zitadel_http.DomainContext(ctx)
 		logging.WithFields("origin", requestContext.Origin(), "externalDomain", externalDomain).WithError(err).Error("unable to set instance")