ruby-changes:43410
From: nobu <ko1@a...>
Date: Tue, 21 Jun 2016 19:32:31 +0900 (JST)
Subject: [ruby-changes:43410] nobu:r55484 (trunk): Multiple values X-Forwarded-Proto in webrick
nobu 2016-06-21 19:32:26 +0900 (Tue, 21 Jun 2016) New Revision: 55484 https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55484 Log: Multiple values X-Forwarded-Proto in webrick * lib/webrick/httprequest.rb (setup_forwarded_info): Use the first value in X-Forwarded-Proto, if header contains multiple comma separated values. Some middlewares may add these values to the list, not replacing. [Fix GH-1386] Modified files: trunk/ChangeLog trunk/lib/webrick/httprequest.rb trunk/test/webrick/test_httprequest.rb Index: lib/webrick/httprequest.rb =================================================================== --- lib/webrick/httprequest.rb (revision 55483) +++ lib/webrick/httprequest.rb (revision 55484) @@ -567,7 +567,9 @@ module WEBrick https://github.com/ruby/ruby/blob/trunk/lib/webrick/httprequest.rb#L567 if @forwarded_server = self["x-forwarded-server"] @forwarded_server = @forwarded_server.split(",", 2).first end - @forwarded_proto = self["x-forwarded-proto"] + if @forwarded_proto = self["x-forwarded-proto"] + @forwarded_proto = @forwarded_proto.split(",", 2).first + end if host_port = self["x-forwarded-host"] host_port = host_port.split(",", 2).first @forwarded_host, tmp = host_port.split(":", 2) Index: test/webrick/test_httprequest.rb =================================================================== --- test/webrick/test_httprequest.rb (revision 55483) +++ test/webrick/test_httprequest.rb (revision 55484) @@ -301,7 +301,7 @@ GET / https://github.com/ruby/ruby/blob/trunk/test/webrick/test_httprequest.rb#L301 GET /foo HTTP/1.1 Host: localhost:10080 Client-IP: 234.234.234.234 - X-Forwarded-Proto: https + X-Forwarded-Proto: https, http X-Forwarded-For: 192.168.1.10, 10.0.0.1, 123.123.123.123 X-Forwarded-Host: forward.example.com X-Forwarded-Server: server.example.com Index: ChangeLog =================================================================== --- ChangeLog (revision 55483) +++ ChangeLog (revision 55484) 
@@ -1,3 +1,10 @@ https://github.com/ruby/ruby/blob/trunk/ChangeLog#L1 +Tue Jun 21 19:32:23 2016 Mark St.Godard <markstgodard@g...> + + * lib/webrick/httprequest.rb (setup_forwarded_info): Use the first + value in X-Forwarded-Proto, if header contains multiple comma + separated values. Some middlewares may add these values to the + list, not replacing. [Fix GH-1386] + Tue Jun 21 17:17:42 2016 Martin Duerst <duerst@i...> * test/ruby/test_io.rb: Skip test_readpartial_with_not_empty_buffer, -- ML: ruby-changes@q... Info: http://www.atdot.net/~ko1/quickml/
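Review bot: In lib/webrick/httprequest.rb (hunk at -567,7 +567,9), the new `@forwarded_proto.split(",", 2).first` keeps the leftmost element unstripped and unvalidated. A header written as `https , http` would leave trailing whitespace in `@forwarded_proto`, and a value beginning with a comma would leave an empty string. Consider stripping the result, guarding the nil that `first` returns for an empty header value. The same split-and-take-first pattern now appears three times in the visible lines (x-forwarded-server, x-forwarded-proto, x-forwarded-host), so a small private helper would keep them consistent. A short comment would also help: when intermediaries append rather than replace, the leftmost element is the one set furthest from this server, so it is only meaningful if the front proxy sets or cleans the header.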
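Review bot: In test/webrick/test_httprequest.rb (hunk at -301,7 +301,7), the fixture line `X-Forwarded-Proto: https` is replaced by `X-Forwarded-Proto: https, http` rather than supplemented, so this request no longer exercises the single-value form. Consider keeping the original fixture and adding a separate case for the multi-value header, ideally with a variant that has whitespace around the comma, so both paths through the new `if` branch stay covered.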