author | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-21 10:32:26 +0000 |
---|---|---|
committer | nobu <nobu@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2016-06-21 10:32:26 +0000 |
commit | dee1771b64a1b772b54b9cb273bf1a07cb3e7f1f (patch) | |
tree | f9a17382df572796d7424ff718a1f4a6eb73193d | |
parent | 72c8eeb6ae01c91e258f291e53036f6d6e921629 (diff) | |
Multiple values X-Forwarded-Proto in webrick
* lib/webrick/httprequest.rb (setup_forwarded_info): Use the first
value in X-Forwarded-Proto, if header contains multiple comma
separated values. Some middlewares may add these values to the
list, not replacing. [Fix GH-1386]
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@55484 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | lib/webrick/httprequest.rb | 4 | ||||
-rw-r--r-- | test/webrick/test_httprequest.rb | 2 |
3 files changed, 11 insertions, 2 deletions
@@ -1,3 +1,10 @@
+Tue Jun 21 19:32:23 2016 Mark St.Godard <markstgodard@gmail.com>
+
+ * lib/webrick/httprequest.rb (setup_forwarded_info): Use the first
+ value in X-Forwarded-Proto, if header contains multiple comma
+ separated values. Some middlewares may add these values to the
+ list, not replacing. [Fix GH-1386]
+
 Tue Jun 21 17:17:42 2016 Martin Duerst <duerst@it.aoyama.ac.jp>
 
 * test/ruby/test_io.rb: Skip test_readpartial_with_not_empty_buffer,
diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
index 88cdec8a52..10cf72d288 100644
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -567,7 +567,9 @@ module WEBrick
 if @forwarded_server = self["x-forwarded-server"]
 @forwarded_server = @forwarded_server.split(",", 2).first
 end
- @forwarded_proto = self["x-forwarded-proto"]
+ if @forwarded_proto = self["x-forwarded-proto"]
+ @forwarded_proto = @forwarded_proto.split(",", 2).first
+ end
 if host_port = self["x-forwarded-host"]
 host_port = host_port.split(",", 2).first
 @forwarded_host, tmp = host_port.split(":", 2)
diff --git a/test/webrick/test_httprequest.rb b/test/webrick/test_httprequest.rb
index 3ece8a3ad9..855ff9d4a7 100644
--- a/test/webrick/test_httprequest.rb
+++ b/test/webrick/test_httprequest.rb
@@ -301,7 +301,7 @@ GET /
 GET /foo HTTP/1.1
 Host: localhost:10080
 Client-IP: 234.234.234.234
- X-Forwarded-Proto: https
+ X-Forwarded-Proto: https, http
 X-Forwarded-For: 192.168.1.10, 10.0.0.1, 123.123.123.123
 X-Forwarded-Host: forward.example.com
 X-Forwarded-Server: server.example.com |
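Review bot: The new `if @forwarded_proto = self["x-forwarded-proto"]` branch keeps the first comma-separated value, which by the usual append convention is the entry furthest from this server and therefore the one the client itself can supply when an intermediary appends instead of replacing. If `@forwarded_proto` later drives the request scheme or any HTTPS-only decision (that use is outside this hunk), the value is only as trustworthy as the front proxy's handling of the header. State that assumption in a comment above the branch, e.g. `# First value is client-controlled unless the front proxy overwrites X-Forwarded-Proto; rely on it only behind such a proxy.` The result is also not checked against `http`/`https`, so a header beginning with a comma leaves `@forwarded_proto` as an empty string. `setup_forwarded_info` starts and ends outside the hunk.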
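Review bot: The fixture line `X-Forwarded-Proto: https` is replaced by `X-Forwarded-Proto: https, http` rather than being kept alongside it, so this request no longer exercises the single-value header that was the previous behaviour. The assertions for this request lie outside the hunk, so it cannot be confirmed from here whether another test still covers that case. Consider keeping the original request and adding a separate one for the multi-value header, plus one for an empty or leading-comma value, where `split(",", 2).first` yields `nil` or `""`.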