diff --git a/gennghttpxfun.py b/gennghttpxfun.py index 770d023d..50a0dd0f 100755 --- a/gennghttpxfun.py +++ b/gennghttpxfun.py @@ -163,8 +163,6 @@ OPTIONS = [ "redirect-https-port", "frontend-max-requests", "single-thread", - "no-add-x-forwarded-proto", - "strip-incoming-x-forwarded-proto", "single-process", ] diff --git a/src/shrpx.cc b/src/shrpx.cc index 683e7ad8..52a4477e 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -2485,12 +2485,6 @@ HTTP: --strip-incoming-x-forwarded-for Strip X-Forwarded-For header field from inbound client requests. - --add-x-forwarded-proto - Append X-Forwarded-Proto header field to the backend - request. - --strip-incoming-x-forwarded-proto - Strip X-Forwarded-Proto header field from inbound client - requests. --add-forwarded= Append RFC 7239 Forwarded header field with parameters specified in comma delimited list . The supported @@ -3333,9 +3327,6 @@ int main(int argc, char **argv) { {SHRPX_OPT_FRONTEND_MAX_REQUESTS.c_str(), required_argument, &flag, 155}, {SHRPX_OPT_SINGLE_THREAD.c_str(), no_argument, &flag, 156}, - {SHRPX_OPT_ADD_X_FORWARDED_PROTO.c_str(), no_argument, &flag, 157}, - {SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_PROTO.c_str(), no_argument, &flag, - 158}, {SHRPX_OPT_SINGLE_PROCESS.c_str(), no_argument, &flag, 159}, {nullptr, 0, nullptr, 0}}; @@ -4073,16 +4064,6 @@ int main(int argc, char **argv) { cmdcfgs.emplace_back(SHRPX_OPT_SINGLE_THREAD, StringRef::from_lit("yes")); break; - case 157: - // --add-x-forwarded-proto - cmdcfgs.emplace_back(SHRPX_OPT_ADD_X_FORWARDED_PROTO, - StringRef::from_lit("yes")); - break; - case 158: - // --strip-incoming-x-forwarded-proto - cmdcfgs.emplace_back(SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_PROTO, - StringRef::from_lit("yes")); - break; case 159: // --single-process cmdcfgs.emplace_back(SHRPX_OPT_SINGLE_PROCESS, diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc index 6e41acb6..c5077345 100644 --- a/src/shrpx_config.cc +++ b/src/shrpx_config.cc @@ -1819,11 +1819,6 @@ int option_lookup_token(const char *name, size_t namelen) { return SHRPX_OPTID_TLS_MIN_PROTO_VERSION; } break; - case 'o': - if (util::strieq_l("add-x-forwarded-prot", name, 20)) { - return SHRPX_OPTID_ADD_X_FORWARDED_PROTO; - } - break; case 'r': if (util::strieq_l("tls-ticket-key-ciphe", name, 20)) { return SHRPX_OPTID_TLS_TICKET_KEY_CIPHER; @@ -2056,11 +2051,6 @@ int option_lookup_token(const char *name, size_t namelen) { return SHRPX_OPTID_BACKEND_CONNECTIONS_PER_FRONTEND; } break; - case 'o': - if (util::strieq_l("strip-incoming-x-forwarded-prot", name, 31)) { - return SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_PROTO; - } - break; } break; case 33: @@ -3369,14 +3359,6 @@ int parse_config(Config *config, int optid, const StringRef &opt, case SHRPX_OPTID_SINGLE_THREAD: config->single_thread = util::strieq_l("yes", optarg); - return 0; - case SHRPX_OPTID_ADD_X_FORWARDED_PROTO: - config->http.xfp.add = util::strieq_l("yes", optarg); - - return 0; - case SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_PROTO: - config->http.xfp.strip_incoming = util::strieq_l("yes", optarg); - return 0; case SHRPX_OPTID_SINGLE_PROCESS: config->single_process = util::strieq_l("yes", optarg); diff --git a/src/shrpx_config.h b/src/shrpx_config.h index 251ece69..ebd425a7 100644 --- a/src/shrpx_config.h +++ b/src/shrpx_config.h @@ -336,10 +336,6 @@ constexpr auto SHRPX_OPT_REDIRECT_HTTPS_PORT = constexpr auto SHRPX_OPT_FRONTEND_MAX_REQUESTS = StringRef::from_lit("frontend-max-requests"); constexpr auto SHRPX_OPT_SINGLE_THREAD = StringRef::from_lit("single-thread"); -constexpr auto SHRPX_OPT_ADD_X_FORWARDED_PROTO = - StringRef::from_lit("add-x-forwarded-proto"); -constexpr auto SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_PROTO = - StringRef::from_lit("strip-incoming-x-forwarded-proto"); constexpr auto SHRPX_OPT_SINGLE_PROCESS = StringRef::from_lit("single-process"); constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8; @@ -643,10 +639,6 @@ struct HttpConfig { bool add; bool strip_incoming; } xff; - struct { - bool add; - bool strip_incoming; - } xfp; std::vector altsvcs; std::vector error_pages; HeaderRefs add_request_headers; @@ -941,7 +933,6 @@ enum { SHRPX_OPTID_ADD_REQUEST_HEADER, SHRPX_OPTID_ADD_RESPONSE_HEADER, SHRPX_OPTID_ADD_X_FORWARDED_FOR, - SHRPX_OPTID_ADD_X_FORWARDED_PROTO, SHRPX_OPTID_ALTSVC, SHRPX_OPTID_API_MAX_REQUEST_BODY, SHRPX_OPTID_BACKEND, @@ -1060,7 +1051,6 @@ enum { SHRPX_OPTID_STREAM_WRITE_TIMEOUT, SHRPX_OPTID_STRIP_INCOMING_FORWARDED, SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_FOR, - SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_PROTO, SHRPX_OPTID_SUBCERT, SHRPX_OPTID_SYSLOG_FACILITY, SHRPX_OPTID_TLS_DYN_REC_IDLE_TIMEOUT, diff --git a/src/shrpx_http2_downstream_connection.cc b/src/shrpx_http2_downstream_connection.cc index 99856a5c..019f3f9d 100644 --- a/src/shrpx_http2_downstream_connection.cc +++ b/src/shrpx_http2_downstream_connection.cc @@ -371,24 +371,8 @@ int Http2DownstreamConnection::push_request_headers() { } if (!config->http2_proxy && req.method != HTTP_CONNECT) { - auto &xfpconf = httpconf.xfp; - auto xfp = xfpconf.strip_incoming - ? nullptr - : req.fs.header(http2::HD_X_FORWARDED_PROTO); - - if (xfpconf.add) { - StringRef xfp_value; - // We use same protocol with :scheme header field - if (xfp) { - xfp_value = concat_string_ref(balloc, xfp->value, - StringRef::from_lit(", "), req.scheme); - } else { - xfp_value = req.scheme; - } - nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-proto", xfp_value)); - } else if (xfp) { - nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-proto", xfp->value)); - } + // We use same protocol with :scheme header field + nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-proto", req.scheme)); } auto via = req.fs.header(http2::HD_VIA); diff --git a/src/shrpx_http_downstream_connection.cc b/src/shrpx_http_downstream_connection.cc index 8c82b3df..21658560 100644 --- a/src/shrpx_http_downstream_connection.cc +++ b/src/shrpx_http_downstream_connection.cc @@ -630,25 +630,10 @@ int HttpDownstreamConnection::push_request_headers() { buf->append("\r\n"); } if (!config->http2_proxy && !connect_method) { - auto &xfpconf = httpconf.xfp; - auto xfp = xfpconf.strip_incoming - ? nullptr - : req.fs.header(http2::HD_X_FORWARDED_PROTO); - - if (xfpconf.add) { - buf->append("X-Forwarded-Proto: "); - if (xfp) { - buf->append((*xfp).value); - buf->append(", "); - } - assert(!req.scheme.empty()); - buf->append(req.scheme); - buf->append("\r\n"); - } else if (xfp) { - buf->append("X-Forwarded-Proto: "); - buf->append((*xfp).value); - buf->append("\r\n"); - } + buf->append("X-Forwarded-Proto: "); + assert(!req.scheme.empty()); + buf->append(req.scheme); + buf->append("\r\n"); } auto via = req.fs.header(http2::HD_VIA); if (httpconf.no_via) {