3 files changed, 11 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index a5d9f7292c..0d39b94c7c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+Tue Jun 21 19:32:23 2016  Mark St.Godard  <markstgodard@gmail.com>
+
+	* lib/webrick/httprequest.rb (setup_forwarded_info): Use the first
+	  value in X-Forwarded-Proto, if header contains multiple comma
+	  separated values.  Some middlewares may add these values to the
+	  list, not replacing.  [Fix GH-1386]
+
 Tue Jun 21 17:17:42 2016  Martin Duerst  <duerst@it.aoyama.ac.jp>
 
 	* test/ruby/test_io.rb: Skip test_readpartial_with_not_empty_buffer,
diff --git a/lib/webrick/httprequest.rb b/lib/webrick/httprequest.rb
index 88cdec8a52..10cf72d288 100644
--- a/lib/webrick/httprequest.rb
+++ b/lib/webrick/httprequest.rb
@@ -567,7 +567,9 @@ module WEBrick
       if @forwarded_server = self["x-forwarded-server"]
         @forwarded_server = @forwarded_server.split(",", 2).first
       end
-      @forwarded_proto = self["x-forwarded-proto"]
+      if @forwarded_proto = self["x-forwarded-proto"]
+        @forwarded_proto = @forwarded_proto.split(",", 2).first
+      end
       if host_port = self["x-forwarded-host"]
         host_port = host_port.split(",", 2).first
         @forwarded_host, tmp = host_port.split(":", 2)
diff --git a/test/webrick/test_httprequest.rb b/test/webrick/test_httprequest.rb
index 3ece8a3ad9..855ff9d4a7 100644
--- a/test/webrick/test_httprequest.rb
+++ b/test/webrick/test_httprequest.rb
@@ -301,7 +301,7 @@ GET /
       GET /foo HTTP/1.1
       Host: localhost:10080
       Client-IP: 234.234.234.234
-      X-Forwarded-Proto: https
+      X-Forwarded-Proto: https, http
       X-Forwarded-For: 192.168.1.10, 10.0.0.1, 123.123.123.123
       X-Forwarded-Host: forward.example.com
       X-Forwarded-Server: server.example.com