Issues with Permitted Paths - Wrong request designs

Hello everyone!
I’m currently experimenting with the Permitted Paths option of Pritunl Zero.

I found a major issue, completely destroying the experience, and wonder whether this is a misconfiguration on my side or a design decision:

When using Permitted Paths, requests allowed by it (everything addressed to a permitted path) will be built differently than the requests issued by a regular, authenticated user.

One quick example: I’m running Nextcloud behind Pritunl Zero. The moment I add the Nextcloud sharing paths to permitted paths, the URLs returned by Nextcloud (i.e. hrefs for buttons, etc.) will change to the internal IP Pritunl used to access the service, but not the public domain. This will make the site unusable. Also: Nextcloud will no longer recognize the requests as issued by a reverse proxy (which would mean that you set the trusted_proxy to the pritunl-zero host and the trusted_domains option to the public DNS), but instead interpret it as a direct request issued by Nextcloud (recognized domain is no longer DNS, but instead the internal IP). Nextcloud behaves correctly when permitted paths are unset.

Am I the only one having this issue or is this known?

Thanks in advance, you guys!

Set the Host option on the right side of the External Domains to the domain of the service.

Hi Zach, I’m afraid this did not change the behavior. I’ve already tried that multiple times. Or maybe you misunderstood my message.

I will need more information about the requests. There is a different mechanism used for permitted paths. This is referenced as webisolated in the code, pritunl-zero/proxy/webisolated.go. For improved safety, requests for permitted paths are more restricted and processed than authenticated requests. I would need to see the requests to find what is being excluded or broken.
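One way to capture the requests asked for above, as an added example that is not part of the thread or of Pritunl Zero's code: a stand-in backend that logs the Host and forwarding headers it receives, so a permitted-path request can be compared with an authenticated one. The watched header list, the function names and the listen address are assumptions.

```go
package main

import (
	"fmt"
	"log"
	"net/http"
)

// watched lists forwarding headers a proxied backend commonly uses to
// rebuild its public URL (assumed set, not taken from Pritunl Zero).
var watched = []string{"X-Forwarded-For", "X-Forwarded-Host", "X-Forwarded-Proto", "X-Real-Ip"}

// Snapshot records the Host and the watched headers the backend received.
func Snapshot(r *http.Request) map[string]string {
	s := map[string]string{"Host": r.Host}
	for _, h := range watched {
		if v := r.Header.Get(h); v != "" {
			s[h] = v
		}
	}
	return s
}

// Diff reports every field that differs between two snapshots, in a fixed order.
func Diff(a, b map[string]string) []string {
	var out []string
	for _, k := range append([]string{"Host"}, watched...) {
		if a[k] != b[k] {
			out = append(out, fmt.Sprintf("%s: %q -> %q", k, a[k], b[k]))
		}
	}
	return out
}

func main() {
	// Placeholder listen address: point a test service's internal
	// server at it, then request one authenticated and one permitted path.
	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		log.Printf("%s %s %v", r.Method, r.URL.Path, Snapshot(r))
		fmt.Fprintln(w, "ok")
	})
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", nil))
}
```

Passing the two logged snapshots to Diff shows which of these fields changed between the authenticated request and the permitted-path request.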

This has been fixed in the latest release currently in the unstable repository.