author | Eric Wong <normalperson@yhbt.net> | 2010-12-20 19:40:57 +0000 |
---|---|---|
committer | Eric Wong <normalperson@yhbt.net> | 2010-12-20 20:45:29 +0000 |
commit | b740269f121167c4f93e3a0e155e05422f6e80ff (patch) | |
tree | 853bbc2717ed511aab04deb2e86fcb18f51f9ef1 /ext/unicorn_http/unicorn_http.rl | |
parent | 7ad59e0c48e12febae2a2fe86b76116c05977c6f (diff) | |
download | unicorn-b740269f121167c4f93e3a0e155e05422f6e80ff.tar.gz |
The first value of X-Forwarded-Proto in rack.url_scheme should be used as it can be chained. This header can be set multiple times via different proxies in the chain, but consider the first one to be valid. Additionally, respect X-Forwarded-SSL as it may be passed with the "on" flag instead of X-Forwarded-Proto. ref: rack commit 85ca454e6143a3081d90e4546ccad602a4c3ad2e and 35bb5ba6746b5d346de9202c004cc926039650c7
Diffstat (limited to 'ext/unicorn_http/unicorn_http.rl')
-rw-r--r-- | ext/unicorn_http/unicorn_http.rl | 28 |
1 files changed, 23 insertions, 5 deletions
diff --git a/ext/unicorn_http/unicorn_http.rl b/ext/unicorn_http/unicorn_http.rl
index ba7ecb3..05e88bc 100644
--- a/ext/unicorn_http/unicorn_http.rl
+++ b/ext/unicorn_http/unicorn_http.rl
@@ -422,13 +422,31 @@ static void finalize_header(struct http_parser *hp)
 VALUE server_name = g_localhost;
 VALUE server_port = g_port_80;
- /* set rack.url_scheme to "https" or "http", no others are allowed by Rack */
+ /*
+ * set rack.url_scheme to "https" or "http", no others are allowed by Rack
+ * this resembles the Rack::Request#scheme method as of rack commit
+ * 35bb5ba6746b5d346de9202c004cc926039650c7
+ */
 if (NIL_P(temp)) {
- temp = rb_hash_aref(hp->env, g_http_x_forwarded_proto);
- if (!NIL_P(temp) && STR_CSTR_EQ(temp, "https"))
+ temp = rb_hash_aref(hp->env, g_http_x_forwarded_ssl);
+ if (!NIL_P(temp) && STR_CSTR_EQ(temp, "on")) {
 server_port = g_port_443;
- else
- temp = g_http;
+ temp = g_https;
+ } else {
+ temp = rb_hash_aref(hp->env, g_http_x_forwarded_proto);
+ if (NIL_P(temp)) {
+ temp = g_http;
+ } else {
+ long len = RSTRING_LEN(temp);
+ if (len >= 5 && !memcmp(RSTRING_PTR(temp), "https", 5)) {
+ if (len != 5)
+ temp = g_https;
+ server_port = g_port_443;
+ } else {
+ temp = g_http;
+ }
+ }
+ }
 rb_hash_aset(hp->env, g_rack_url_scheme, temp);
 } else if (STR_CSTR_EQ(temp, "https")) {
 server_port = g_port_443; |
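Review bot: The X-Forwarded-Proto test in the inner `else` branch is a prefix match, so any value that merely begins with "https" (a constructed `httpsx`, say) sets `rack.url_scheme` to https and switches `server_port` to `g_port_443`, while the commit message only intends the first element of a comma-separated chain to count. Requiring a delimiter after the fifth byte keeps the chained case and rejects the rest: `if (len >= 5 && !memcmp(RSTRING_PTR(temp), "https", 5) && (len == 5 || RSTRING_PTR(temp)[5] == ','))`. Separately, X-Forwarded-SSL and the first X-Forwarded-Proto element are whatever the outermost sender supplied, and applications commonly base secure-cookie and redirect decisions on the scheme. The block comment should therefore state the trust assumption, e.g. `* both headers are taken as-is; the front-end proxy must strip or overwrite them`. finalize_header begins and ends outside this hunk, so how `server_port` is used afterwards is not visible here.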