From fd9e1927e521c0dffecde46f1af7dfe7ebb88a66 Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Fri, 11 Feb 2022 13:52:08 -0800
Subject: [PATCH] email: Simplify modifying headers proxied to rspamd web UI

There is no need to remove many headers explicitly after doing ProxyAddHeaders
off. If those headers are set by the client, that will merely result in an
unnecessary password dialog.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 .../conf-available/email-freedombox.conf      | 20 +++++++++----------
 1 file changed, 9 insertions(+), 11 deletions(-)

diff --git a/plinth/modules/email/data/etc/apache2/conf-available/email-freedombox.conf b/plinth/modules/email/data/etc/apache2/conf-available/email-freedombox.conf
index 6fe412877..9f99790de 100644
--- a/plinth/modules/email/data/etc/apache2/conf-available/email-freedombox.conf
+++ b/plinth/modules/email/data/etc/apache2/conf-available/email-freedombox.conf
@@ -1,3 +1,5 @@
+# Serve rspamd web UI:
+# https://www.rspamd.com/doc/faq.html#how-to-use-the-webui-behind-a-proxy-server
 <LocationMatch "^/rspamd$">
     Redirect "/rspamd/"
 </LocationMatch>
@@ -5,18 +7,12 @@
 <Location "/rspamd/">
     ProxyPass http://127.0.0.1:11334/
     ProxyPassReverse http://127.0.0.1:11334/
-    # Modify proxy headers
+
+    # Don't add X-Forwarded* headers to make rspamd think that request is coming
+    # from localhost. This disables rspamd's password auth mechanism in favor of
+    # FreedomBox authentication and authorization below.
     ProxyAddHeaders off
-    RequestHeader unset Forwarded
-    RequestHeader unset Via
-    RequestHeader unset X-Forwarded-For
-    RequestHeader unset X-Forwarded-Host
-    RequestHeader unset X-Forwarded-Proto
-    RequestHeader unset X-Forwarded-Server
-    RequestHeader unset X-Real-IP
-    RequestHeader set X-Forwarded-For "127.0.0.1"
-    # Modify response headers
-    Header unset Set-Cookie
+
     # Require SSO
     Include includes/freedombox-single-sign-on.conf
     <IfModule mod_auth_pubtkt.c>
@@ -24,6 +20,8 @@
     </IfModule>
 </Location>
 
+# Automatic configuration for clients like Thunderbird:
+# https://wiki.mozilla.org/Thunderbird:Autoconfiguration#Implementation
 <Location "/.well-known/autoconfig/mail/config-v1.1.xml">
     <IfModule mod_rewrite.c>
         RewriteEngine On