Skip to content

Commit

Permalink
Issue #5443 - Forwarding Headers are optional
Browse files Browse the repository at this point in the history
+ Improve / document implied secure scheme behaviors
  for both `Proxy-Ssl-Id` or `Proxy-auth-cert`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
  • Loading branch information
joakime committed Oct 13, 2020
1 parent f0681b3 commit abdada0
Showing 1 changed file with 21 additions and 8 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -481,8 +481,6 @@ public void customize(Connector connector, HttpConfiguration config, Request req

if (match)
{
String proto;

// Is secure status configured from headers?
if (forwarded.isSecure())
{
Expand All @@ -492,8 +490,12 @@ public void customize(Connector connector, HttpConfiguration config, Request req
// Set Scheme from configured protocol
if (forwarded._proto != null)
{
proto = forwarded._proto;
request.setScheme(proto);
request.setScheme(forwarded._proto);
}
// Set scheme if header implies secure scheme is to be used (see #isSslIsSecure())
else if (forwarded._secureScheme)
{
request.setScheme(config.getSecureScheme());
}

// Set authority
Expand Down Expand Up @@ -741,6 +743,7 @@ private class Forwarded extends QuotedCSVParser
String _proto;
Source _protoSource = Source.UNSET;
Boolean _secure;
boolean _secureScheme = false;

public Forwarded(Request request, HttpConfiguration config)
{
Expand Down Expand Up @@ -784,25 +787,35 @@ private MutableHostPort getFor()
return _for;
}

@SuppressWarnings("unused")
/**
* Called if header is <code>Proxy-auth-cert</code>
*/
public void handleCipherSuite(HttpField field)
{
_request.setAttribute("javax.servlet.request.cipher_suite", field.getValue());

// Is ForwardingRequestCustomizer configured to trigger isSecure and scheme change on this header?
if (isSslIsSecure())
{
_secure = true;
_proto = "https";
// track desire for secure scheme, actual protocol will be resolved later.
_secureScheme = true;
}
}

@SuppressWarnings("unused")
/**
* Called if header is <code>Proxy-Ssl-Id</code>
*/
public void handleSslSessionId(HttpField field)
{
_request.setAttribute("javax.servlet.request.ssl_session_id", field.getValue());

// Is ForwardingRequestCustomizer configured to trigger isSecure and scheme change on this header?
if (isSslIsSecure())
{
_secure = true;
_proto = "https";
// track desire for secure scheme, actual protocol will be resolved later.
_secureScheme = true;
}
}

Expand Down

0 comments on commit abdada0

Please sign in to comment.