about summary refs log tree commit homepage
path: root/lib
diff options
context:
space:
mode:
authorEric Wong <normalperson@yhbt.net>2010-12-21 01:28:23 +0000
committerEric Wong <normalperson@yhbt.net>2010-12-21 01:28:23 +0000
commit1f5bac15cd8e4393c6da98eb7bb4532133dc6259 (patch)
tree4d230cdb233014230714d021a00e40ffad93f595 /lib
parentbf64b9aa855cf3590a4d5b4eca853aef33ba90cc (diff)
downloadunicorn-1f5bac15cd8e4393c6da98eb7bb4532133dc6259.tar.gz
More config bloat, sadly this is necessary for Rainbows! :<
Diffstat (limited to 'lib')
-rw-r--r--lib/unicorn/configurator.rb9
-rw-r--r--lib/unicorn/http_server.rb8
2 files changed, 17 insertions, 0 deletions
diff --git a/lib/unicorn/configurator.rb b/lib/unicorn/configurator.rb
index d522c54..2415dda 100644
--- a/lib/unicorn/configurator.rb
+++ b/lib/unicorn/configurator.rb
@@ -42,6 +42,7 @@ class Unicorn::Configurator
     :preload_app => false,
     :rewindable_input => true, # for Rack 2.x: (Rack::VERSION[0] <= 1),
     :client_body_buffer_size => Unicorn::Const::MAX_BODY,
+    :trust_x_forwarded => true,
   }
   #:startdoc:
 
@@ -448,6 +449,14 @@ class Unicorn::Configurator
     set[:user] = [ user, group ]
   end
 
+  # Sets whether or not the parser will trust X-Forwarded-Proto and
+  # X-Forwarded-SSL headers and set "rack.url_scheme" to "https" accordingly.
+  # Rainbows!/Zbatery installations facing untrusted clients directly
+  # should set this to +false+.  This is +true+ by default.
+  def trust_x_forwarded(bool)
+    set_bool(:trust_x_forwarded, bool)
+  end
+
   # expands "unix:path/to/foo" to a socket relative to the current path
   # expands pathnames of sockets if relative to "~" or "~username"
   # expands "*:port and ":port" to "0.0.0.0:port"
diff --git a/lib/unicorn/http_server.rb b/lib/unicorn/http_server.rb
index 29b34d6..6f02f29 100644
--- a/lib/unicorn/http_server.rb
+++ b/lib/unicorn/http_server.rb
@@ -372,6 +372,14 @@ class Unicorn::HttpServer
     Unicorn::TeeInput.client_body_buffer_size = bytes
   end
 
+  def trust_x_forwarded
+    Unicorn::HttpParser.trust_x_forwarded?
+  end
+
+  def trust_x_forwarded=(bool)
+    Unicorn::HttpParser.trust_x_forwarded = bool
+  end
+
   private
 
   # wait for a signal hander to wake us up and then consume the pipe