-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot detect if a request comes in via https when behind a Proxy #151
Comments
@Asmod4n I believe those headers are fairly well-known. The solution above looks sane, but I'd love to see several people test it in different combinations. |
@seancribbs What is a real let down is that anyone can send those headers, so you probably need a option in https://github.com/seancribbs/webmachine-ruby/blob/master/lib/webmachine/configuration.rb#L11 specifying which headers to trust. |
Definitely should be gated by some sort of "I'm behind a proxy I trust" setting |
I belive i came up with something useful. By default Webmachine believes it connects directly to clients, passing along request.headers unmodified to your app. When you set a new option like :runs_behind_proxy to true you also have to give it a hash of trusted headers like X-Forwarded-For and X-Forwarded-Port. It then duplicates the request.headers hash, modifies all entries which start with "X-" passing along only those which are trusted and also automagically changes request.uri. Proxies tend to send X-Forwarded-Port, X-Forwarded-Host and X-Forwarded-Proto so changing request.uri to reflect those values can come handy. |
I am just at a loss how to implement that once you use Webmachine like here https://github.com/seancribbs/webmachine-ruby/blob/master/examples/application.rb#L21, how would one get a hold of the configuration stored in MyApp :? |
Made probably the most hackish attempt to support it the way it currently is in #153 |
Closing in favor of #153 |
Currently https://github.com/seancribbs/webmachine-ruby/blob/master/lib/webmachine/request.rb#L99 cannot detect if a request comes in via https when webmachine runs behind a proxy, what rack does isn't complete either https://github.com/rack/rack/blob/master/lib/rack/request.rb#L70
what i am doing at the moment is to set request.uri.scheme to this on Resource.new
It works behind Pond, Apache and Nginx.
Does this even belong in Webmachine or should each adapter do it on its own?
The text was updated successfully, but these errors were encountered: