proxy_pass: attempt to forward premature upstream responses

Upstreams may shut us down while we're writing a request body,
attempt to forward any responses from the upstream back to the
client which may explain the rejection reason for giant uploads.

1 files changed, 43 insertions, 5 deletions

diff --git a/test/test_proxy_pass.rb b/test/test_proxy_pass.rb
index eb866b3..840ad1c 100644
--- a/test/test_proxy_pass.rb
+++ b/test/test_proxy_pass.rb
@@ -141,11 +141,21 @@ class TestProxyPass < Testcase
           [ 200, h, [] ]
         end
       when 'PUT'
-        buf = env['rack.input'].read
-        [ 201, {
-          'Content-Length' => buf.bytesize.to_s,
-          'Content-Type' => 'text/plain',
-          }, [ buf ] ]
+        case env['PATH_INFO']
+        when '/forbidden-put'
+          # ignore rack.input
+          [ 403, [ %w(Content-Type text/html), %w(Content-Length 0) ], [] ]
+        when '/forbidden-put-abort'
+         env['rack.hijack'].call.close
+         # should not be seen:
+         [ 123, [ %w(Content-Type text/html), %w(Content-Length 0) ], [] ]
+        else
+          buf = env['rack.input'].read
+          [ 201, {
+            'Content-Length' => buf.bytesize.to_s,
+            'Content-Type' => 'text/plain',
+            }, [ buf ] ]
+        end
       end
     end
   end
@@ -249,11 +259,13 @@ class TestProxyPass < Testcase
         app(:rack, ProxiedApp.new) do
           listen "#{host2}:#{port2}"
           client_max_body_size nil
+          input_buffering :lazy
         end
         stderr_path err.path
       end
     end
 
+    check_forbidden_put(host, port)
     check_eof_body(host, port)
     check_pipelining(host, port)
     check_response_trailer(host, port)
@@ -560,4 +572,30 @@ class TestProxyPass < Testcase
       s.close
     end
   end
+
+  def check_forbidden_put(host, port)
+    to_close = []
+    Timeout.timeout(60) do
+      s = TCPSocket.new(host, port)
+      to_close << s
+      s.write("PUT /forbidden-put HTTP/1.1\r\nHost: example.com\r\n" \
+              "Content-Length: #{OMFG.size}\r\n\r\n")
+      assert_equal OMFG.size, s.write(OMFG),
+                   "proxy fully buffers, upstream does not"
+      assert_match %r{\AHTTP/1\.1 403 }, s.readpartial(1024)
+      assert_raises(EOFError) { s.readpartial(1) }
+
+      s = TCPSocket.new(host, port)
+      to_close << s
+      s.write("PUT /forbidden-put-abort HTTP/1.1\r\nHost: example.com\r\n" \
+              "Content-Length: #{OMFG.size}\r\n\r\n")
+      assert_equal OMFG.size, s.write(OMFG),
+                   "proxy fully buffers, upstream does not"
+      assert_match %r{\AHTTP/1\.1 502 Bad Gateway}, s.readpartial(1024)
+      assert_raises(EOFError) { s.readpartial(1) }
+      @err.truncate(0)
+    end
+  ensure
+    to_close.each(&:close)
+  end
 end