From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on dcvr.yhbt.net
X-Spam-Level: 
X-Spam-ASN: AS14383 205.234.109.0/24
X-Spam-Status: No, score=-0.7 required=5.0 tests=MSGID_FROM_MTA_HEADER,
 RP_MATCHES_RCVD shortcircuit=no autolearn=unavailable version=3.3.2
Path: news.gmane.org!not-for-mail
From: =?iso-8859-1?q?I=F1aki_Baz_Castillo?= <ibc@aliax.net>
Newsgroups: gmane.comp.lang.ruby.unicorn.general
Subject: Re: X-Forwarded-Proto / X_FORWARDED_PROTO
Date: Sat, 9 Jan 2010 23:33:41 +0100
Message-ID: <201001092333.41898.ibc@aliax.net>
References: <20100109221656.GA8846@waste.org>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Trace: ger.gmane.org 1263076632 31766 80.91.229.12 (9 Jan 2010 22:37:12
 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Sat, 9 Jan 2010 22:37:12 +0000 (UTC)
To: mongrel-unicorn@rubyforge.org
Original-X-From: mongrel-unicorn-bounces@rubyforge.org Sat Jan 09 23:37:05
 2010
Return-path: <mongrel-unicorn-bounces@rubyforge.org>
Envelope-to: gclrug-mongrel-unicorn@m.gmane.org
X-Original-To: mongrel-unicorn@rubyforge.org
Delivered-To: mongrel-unicorn@rubyforge.org
User-Agent: KMail/1.12.2 (Linux/2.6.28-16-generic; KDE/4.3.2; x86_64; ; )
In-Reply-To: <20100109221656.GA8846@waste.org>
X-BeenThere: mongrel-unicorn@rubyforge.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: <unicorn-public@bogomips.org>
List-Unsubscribe: <http://rubyforge.org/mailman/options/mongrel-unicorn>,
 <mailto:mongrel-unicorn-request@rubyforge.org?subject=unsubscribe>
List-Archive: <http://rubyforge.org/pipermail/mongrel-unicorn>
List-Post: <unicorn-public@bogomips.org>
List-Help: <mailto:mongrel-unicorn-request@rubyforge.org?subject=help>
List-Subscribe: <http://rubyforge.org/mailman/listinfo/mongrel-unicorn>,
 <mailto:mongrel-unicorn-request@rubyforge.org?subject=subscribe>
Original-Sender: mongrel-unicorn-bounces@rubyforge.org
Errors-To: mongrel-unicorn-bounces@rubyforge.org
Xref: news.gmane.org gmane.comp.lang.ruby.unicorn.general:334
Archived-At:
 <http://permalink.gmane.org/gmane.comp.lang.ruby.unicorn.general/334>
Received: from rubyforge.org ([205.234.109.19]) by lo.gmane.org with esmtp
 (Exim 4.50) id 1NTjvc-0006zU-QS for gclrug-mongrel-unicorn@m.gmane.org; Sat,
 09 Jan 2010 23:37:05 +0100
Received: from rubyforge.org (rubyforge.org [127.0.0.1]) by rubyforge.org
 (Postfix) with ESMTP id 6650818582CB; Sat,  9 Jan 2010 17:37:05 -0500 (EST)
Received: from mail-ew0-f209.google.com (mail-ew0-f209.google.com
 [209.85.219.209]) by rubyforge.org (Postfix) with ESMTP id E647518582CB for
 <mongrel-unicorn@rubyforge.org>; Sat,  9 Jan 2010 17:33:49 -0500 (EST)
Received: by ewy1 with SMTP id 1so1951485ewy.8 for
 <mongrel-unicorn@rubyforge.org>; Sat, 09 Jan 2010 14:33:49 -0800 (PST)
Received: by 10.213.37.199 with SMTP id y7mr4761526ebd.18.1263076428856; Sat,
 09 Jan 2010 14:33:48 -0800 (PST)
Received: from ibc-laptop.localnet ([212.230.46.89]) by mx.google.com with
 ESMTPS id 13sm17267668ewy.5.2010.01.09.14.33.46 (version=TLSv1/SSLv3
 cipher=RC4-MD5); Sat, 09 Jan 2010 14:33:47 -0800 (PST)

El S=E1bado, 9 de Enero de 2010, skaar escribi=F3:
> Eric,
> =

> think I came across an issue with the parser in unicorn, with a request
> (due to 2 layers of nginx proxying) coming across with both a
> X_FORWARDED_PROTO and a X-Forwarded-Proto header. From the socket (in
> HttpRequest) - we get:
> =

>   X_FORWARDED_PROTO: http
>   X-Forwarded-Proto: https
> =

> which is parsed to
> =

>   HTTP_X_FORWARDED_PROTO"=3D>"http,https
> =

> There was a passenger ticket that describes that from nginx's point of
> view - X-Forwarded-Proto is the "correct" form.

Rack specs require "-" being converted to "_" in header names, so both head=
er =

X_FORWARDED_PROTO and X-Forwarded-Proto become the same header.

Then we have two headers with same name and different value. Some headers a=
re =

defined as "multivalue" which means that they would have the same meaning i=
f =

an unique header exists containing both values separated by comma (the top =
one =

first). So:

  X_FORWARDED_PROTO: http
  X-Forwarded-Proto: https

is equivalent to:

  X_FORWARDED_PROTO: http, https
 =

However it's not true that *any* header behaves in this way, but just heade=
rs =

defined in such way (by the standards). For example two "Authorization" =

headers cannot be joined in a single header.

So it's not totally safe to assume that any header appearing various times =

could be a single header with their values separated by comma, however I th=
ink =

it's a good approach.

More correct would be that Unicorn parses uknown headers appearing more tha=
n =

one time by setting a Array as value:

  X_FORWARDED_PROTO: ["http", "https"]

Unfortunately this is not allowed in Rack specifications.


-- =

I=F1aki Baz Castillo <ibc@aliax.net>
_______________________________________________
Unicorn mailing list - mongrel-unicorn@rubyforge.org
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying