From 1f5bac15cd8e4393c6da98eb7bb4532133dc6259 Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Tue, 21 Dec 2010 01:28:23 +0000 Subject: http: hook up "trust_x_forwarded" to configurator More config bloat, sadly this is necessary for Rainbows! :< --- lib/unicorn/configurator.rb | 9 +++++++++ lib/unicorn/http_server.rb | 8 ++++++++ 2 files changed, 17 insertions(+) (limited to 'lib/unicorn') diff --git a/lib/unicorn/configurator.rb b/lib/unicorn/configurator.rb index d522c54..2415dda 100644 --- a/lib/unicorn/configurator.rb +++ b/lib/unicorn/configurator.rb @@ -42,6 +42,7 @@ class Unicorn::Configurator :preload_app => false, :rewindable_input => true, # for Rack 2.x: (Rack::VERSION[0] <= 1), :client_body_buffer_size => Unicorn::Const::MAX_BODY, + :trust_x_forwarded => true, } #:startdoc: @@ -448,6 +449,14 @@ class Unicorn::Configurator set[:user] = [ user, group ] end + # Sets whether or not the parser will trust X-Forwarded-Proto and + # X-Forwarded-SSL headers and set "rack.url_scheme" to "https" accordingly. + # Rainbows!/Zbatery installations facing untrusted clients directly + # should set this to +false+. This is +true+ by default. + def trust_x_forwarded(bool) + set_bool(:trust_x_forwarded, bool) + end + # expands "unix:path/to/foo" to a socket relative to the current path # expands pathnames of sockets if relative to "~" or "~username" # expands "*:port and ":port" to "0.0.0.0:port" diff --git a/lib/unicorn/http_server.rb b/lib/unicorn/http_server.rb index 29b34d6..6f02f29 100644 --- a/lib/unicorn/http_server.rb +++ b/lib/unicorn/http_server.rb @@ -372,6 +372,14 @@ class Unicorn::HttpServer Unicorn::TeeInput.client_body_buffer_size = bytes end + def trust_x_forwarded + Unicorn::HttpParser.trust_x_forwarded? + end + + def trust_x_forwarded=(bool) + Unicorn::HttpParser.trust_x_forwarded = bool + end + private # wait for a signal hander to wake us up and then consume the pipe -- cgit v1.2.3-24-ge0c7
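Review bot: The new default `:trust_x_forwarded => true` in the first configurator.rb hunk means any deployment that never sets the option keeps trusting client-supplied X-Forwarded-Proto and X-Forwarded-SSL headers. The doc comment added in the second configurator.rb hunk does not say what goes wrong when that is left on. I would extend it with something like `# When true, any client that can reach the listener directly can make "rack.url_scheme" report "https" on a plain-HTTP request; leave this enabled only behind a proxy that sets or strips these headers itself.` This matters for applications that base secure-cookie or HTTPS-redirect decisions on the scheme. Keeping `true` for backward compatibility is reasonable, but the trade-off should be stated next to the option; the DEFAULTS hash and the class body both continue outside the hunks.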
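Review bot: `trust_x_forwarded=` in the http_server.rb hunk writes to `Unicorn::HttpParser.trust_x_forwarded`, which looks like class-level state, so the setting is process-wide even though it is exposed as an instance accessor on HttpServer. Neither new method has a comment; I would add `# Process-wide: applies to every Unicorn::HttpParser in this process, not only this server instance.` above the setter so anyone embedding more than one server in a process is not surprised. The setter also passes `bool` through unchecked. Validation presumably happens in the configurator's `set_bool`, which is not visible here, so code calling the setter directly would bypass it. The class body continues outside the hunk.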