Skip to content

Add test for presence of X-Forwarded-For and X-Forwarded-Proto HTTP headers #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
nonrational merged 6 commits into from
Feb 3, 2022
Merged

Add test for presence of X-Forwarded-For and X-Forwarded-Proto HTTP headers #299

nonrational merged 6 commits into from
Feb 3, 2022

Conversation

@vojtad
Copy link
Contributor

@vojtad vojtad commented Feb 1, 2022

Presence and content of X-Forwarded-For and X-Forwarded-Proto is checked in requests made to the origin server.

X-Forwarded-For is checked to be equal to 127.0.0.1. X-Forwarded-Proto is checked to be equal to https because the test request is made using HTTPS.

These headers are expected to be present when requests go through reverse proxy.

Especially X-Forwarded-Proto is required when proxy terminates SSL and forwards request to the origin server using plain HTTP. When this header is missing it can cause infinite redirect loop back to HTTPS.

Checks for issue reported in #298 caused by #292. This test fails on v0.18.0 and passes on v0.17.0.

@vojtad vojtad force-pushed the test-for-x-forwarded-http-headers branch from 66b3725 to 5125500 Compare February 1, 2022 20:47
@vojtad
Copy link
Contributor Author

vojtad commented Feb 1, 2022

I managed to fix the issue by setting X-Forwarded-Proto HTTP header based on the proxied request.

However, I am not very familiar with puma-dev codebase and golang. Please review if the fix is ok and let me know if any changes are required.

nonrational
nonrational requested changes Feb 1, 2022
View reviewed changes
Copy link
Member

@nonrational nonrational left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for taking the time to find, test, and fix the issue!

@nonrational
Copy link
Member

nonrational commented Feb 3, 2022

@vojtad can you update this branch to include the latest from master? that should make the tests run, which should pass, and I can merge / tag / release!

@nonrational nonrational self-requested a review February 3, 2022 18:25
@vojtad vojtad force-pushed the test-for-x-forwarded-http-headers branch from 4b3f265 to 0ecde59 Compare February 3, 2022 21:22
@nonrational nonrational merged commit eca3979 into puma:master Feb 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nonrational nonrational Awaiting requested review from nonrational

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@vojtad @nonrational