Revert "nghttpx: Add options for X-Forwarded-Proto header field"
This reverts commit 8c0b2c684a.
This commit is contained in:
Tatsuhiro Tsujikawa
parent
ef92b54db3
commit
980570de71
|
|
@ -163,8 +163,6 @@ OPTIONS = [
|
||||||
"redirect-https-port",
|
"redirect-https-port",
|
||||||
"frontend-max-requests",
|
"frontend-max-requests",
|
||||||
"single-thread",
|
"single-thread",
|
||||||
"no-add-x-forwarded-proto",
|
|
||||||
"strip-incoming-x-forwarded-proto",
|
|
||||||
"single-process",
|
"single-process",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
|
|
||||||
19
src/shrpx.cc
19
src/shrpx.cc
|
|
@ -2485,12 +2485,6 @@ HTTP:
|
||||||
--strip-incoming-x-forwarded-for
|
--strip-incoming-x-forwarded-for
|
||||||
Strip X-Forwarded-For header field from inbound client
|
Strip X-Forwarded-For header field from inbound client
|
||||||
requests.
|
requests.
|
||||||
--add-x-forwarded-proto
|
|
||||||
Append X-Forwarded-Proto header field to the backend
|
|
||||||
request.
|
|
||||||
--strip-incoming-x-forwarded-proto
|
|
||||||
Strip X-Forwarded-Proto header field from inbound client
|
|
||||||
requests.
|
|
||||||
--add-forwarded=<LIST>
|
--add-forwarded=<LIST>
|
||||||
Append RFC 7239 Forwarded header field with parameters
|
Append RFC 7239 Forwarded header field with parameters
|
||||||
specified in comma delimited list <LIST>. The supported
|
specified in comma delimited list <LIST>. The supported
|
||||||
|
|
@ -3333,9 +3327,6 @@ int main(int argc, char **argv) {
|
||||||
{SHRPX_OPT_FRONTEND_MAX_REQUESTS.c_str(), required_argument, &flag,
|
{SHRPX_OPT_FRONTEND_MAX_REQUESTS.c_str(), required_argument, &flag,
|
||||||
155},
|
155},
|
||||||
{SHRPX_OPT_SINGLE_THREAD.c_str(), no_argument, &flag, 156},
|
{SHRPX_OPT_SINGLE_THREAD.c_str(), no_argument, &flag, 156},
|
||||||
{SHRPX_OPT_ADD_X_FORWARDED_PROTO.c_str(), no_argument, &flag, 157},
|
|
||||||
{SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_PROTO.c_str(), no_argument, &flag,
|
|
||||||
158},
|
|
||||||
{SHRPX_OPT_SINGLE_PROCESS.c_str(), no_argument, &flag, 159},
|
{SHRPX_OPT_SINGLE_PROCESS.c_str(), no_argument, &flag, 159},
|
||||||
{nullptr, 0, nullptr, 0}};
|
{nullptr, 0, nullptr, 0}};
|
||||||
|
|
||||||
|
|
@ -4073,16 +4064,6 @@ int main(int argc, char **argv) {
|
||||||
cmdcfgs.emplace_back(SHRPX_OPT_SINGLE_THREAD,
|
cmdcfgs.emplace_back(SHRPX_OPT_SINGLE_THREAD,
|
||||||
StringRef::from_lit("yes"));
|
StringRef::from_lit("yes"));
|
||||||
break;
|
break;
|
||||||
case 157:
|
|
||||||
// --add-x-forwarded-proto
|
|
||||||
cmdcfgs.emplace_back(SHRPX_OPT_ADD_X_FORWARDED_PROTO,
|
|
||||||
StringRef::from_lit("yes"));
|
|
||||||
break;
|
|
||||||
case 158:
|
|
||||||
// --strip-incoming-x-forwarded-proto
|
|
||||||
cmdcfgs.emplace_back(SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_PROTO,
|
|
||||||
StringRef::from_lit("yes"));
|
|
||||||
break;
|
|
||||||
case 159:
|
case 159:
|
||||||
// --single-process
|
// --single-process
|
||||||
cmdcfgs.emplace_back(SHRPX_OPT_SINGLE_PROCESS,
|
cmdcfgs.emplace_back(SHRPX_OPT_SINGLE_PROCESS,
|
||||||
|
|
|
||||||
|
|
@ -1819,11 +1819,6 @@ int option_lookup_token(const char *name, size_t namelen) {
|
||||||
return SHRPX_OPTID_TLS_MIN_PROTO_VERSION;
|
return SHRPX_OPTID_TLS_MIN_PROTO_VERSION;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'o':
|
|
||||||
if (util::strieq_l("add-x-forwarded-prot", name, 20)) {
|
|
||||||
return SHRPX_OPTID_ADD_X_FORWARDED_PROTO;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'r':
|
case 'r':
|
||||||
if (util::strieq_l("tls-ticket-key-ciphe", name, 20)) {
|
if (util::strieq_l("tls-ticket-key-ciphe", name, 20)) {
|
||||||
return SHRPX_OPTID_TLS_TICKET_KEY_CIPHER;
|
return SHRPX_OPTID_TLS_TICKET_KEY_CIPHER;
|
||||||
|
|
@ -2056,11 +2051,6 @@ int option_lookup_token(const char *name, size_t namelen) {
|
||||||
return SHRPX_OPTID_BACKEND_CONNECTIONS_PER_FRONTEND;
|
return SHRPX_OPTID_BACKEND_CONNECTIONS_PER_FRONTEND;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'o':
|
|
||||||
if (util::strieq_l("strip-incoming-x-forwarded-prot", name, 31)) {
|
|
||||||
return SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_PROTO;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 33:
|
case 33:
|
||||||
|
|
@ -3369,14 +3359,6 @@ int parse_config(Config *config, int optid, const StringRef &opt,
|
||||||
case SHRPX_OPTID_SINGLE_THREAD:
|
case SHRPX_OPTID_SINGLE_THREAD:
|
||||||
config->single_thread = util::strieq_l("yes", optarg);
|
config->single_thread = util::strieq_l("yes", optarg);
|
||||||
|
|
||||||
return 0;
|
|
||||||
case SHRPX_OPTID_ADD_X_FORWARDED_PROTO:
|
|
||||||
config->http.xfp.add = util::strieq_l("yes", optarg);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
case SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_PROTO:
|
|
||||||
config->http.xfp.strip_incoming = util::strieq_l("yes", optarg);
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
case SHRPX_OPTID_SINGLE_PROCESS:
|
case SHRPX_OPTID_SINGLE_PROCESS:
|
||||||
config->single_process = util::strieq_l("yes", optarg);
|
config->single_process = util::strieq_l("yes", optarg);
|
||||||
|
|
|
||||||
|
|
@ -336,10 +336,6 @@ constexpr auto SHRPX_OPT_REDIRECT_HTTPS_PORT =
|
||||||
constexpr auto SHRPX_OPT_FRONTEND_MAX_REQUESTS =
|
constexpr auto SHRPX_OPT_FRONTEND_MAX_REQUESTS =
|
||||||
StringRef::from_lit("frontend-max-requests");
|
StringRef::from_lit("frontend-max-requests");
|
||||||
constexpr auto SHRPX_OPT_SINGLE_THREAD = StringRef::from_lit("single-thread");
|
constexpr auto SHRPX_OPT_SINGLE_THREAD = StringRef::from_lit("single-thread");
|
||||||
constexpr auto SHRPX_OPT_ADD_X_FORWARDED_PROTO =
|
|
||||||
StringRef::from_lit("add-x-forwarded-proto");
|
|
||||||
constexpr auto SHRPX_OPT_STRIP_INCOMING_X_FORWARDED_PROTO =
|
|
||||||
StringRef::from_lit("strip-incoming-x-forwarded-proto");
|
|
||||||
constexpr auto SHRPX_OPT_SINGLE_PROCESS = StringRef::from_lit("single-process");
|
constexpr auto SHRPX_OPT_SINGLE_PROCESS = StringRef::from_lit("single-process");
|
||||||
|
|
||||||
constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
|
constexpr size_t SHRPX_OBFUSCATED_NODE_LENGTH = 8;
|
||||||
|
|
@ -643,10 +639,6 @@ struct HttpConfig {
|
||||||
bool add;
|
bool add;
|
||||||
bool strip_incoming;
|
bool strip_incoming;
|
||||||
} xff;
|
} xff;
|
||||||
struct {
|
|
||||||
bool add;
|
|
||||||
bool strip_incoming;
|
|
||||||
} xfp;
|
|
||||||
std::vector<AltSvc> altsvcs;
|
std::vector<AltSvc> altsvcs;
|
||||||
std::vector<ErrorPage> error_pages;
|
std::vector<ErrorPage> error_pages;
|
||||||
HeaderRefs add_request_headers;
|
HeaderRefs add_request_headers;
|
||||||
|
|
@ -941,7 +933,6 @@ enum {
|
||||||
SHRPX_OPTID_ADD_REQUEST_HEADER,
|
SHRPX_OPTID_ADD_REQUEST_HEADER,
|
||||||
SHRPX_OPTID_ADD_RESPONSE_HEADER,
|
SHRPX_OPTID_ADD_RESPONSE_HEADER,
|
||||||
SHRPX_OPTID_ADD_X_FORWARDED_FOR,
|
SHRPX_OPTID_ADD_X_FORWARDED_FOR,
|
||||||
SHRPX_OPTID_ADD_X_FORWARDED_PROTO,
|
|
||||||
SHRPX_OPTID_ALTSVC,
|
SHRPX_OPTID_ALTSVC,
|
||||||
SHRPX_OPTID_API_MAX_REQUEST_BODY,
|
SHRPX_OPTID_API_MAX_REQUEST_BODY,
|
||||||
SHRPX_OPTID_BACKEND,
|
SHRPX_OPTID_BACKEND,
|
||||||
|
|
@ -1060,7 +1051,6 @@ enum {
|
||||||
SHRPX_OPTID_STREAM_WRITE_TIMEOUT,
|
SHRPX_OPTID_STREAM_WRITE_TIMEOUT,
|
||||||
SHRPX_OPTID_STRIP_INCOMING_FORWARDED,
|
SHRPX_OPTID_STRIP_INCOMING_FORWARDED,
|
||||||
SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_FOR,
|
SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_FOR,
|
||||||
SHRPX_OPTID_STRIP_INCOMING_X_FORWARDED_PROTO,
|
|
||||||
SHRPX_OPTID_SUBCERT,
|
SHRPX_OPTID_SUBCERT,
|
||||||
SHRPX_OPTID_SYSLOG_FACILITY,
|
SHRPX_OPTID_SYSLOG_FACILITY,
|
||||||
SHRPX_OPTID_TLS_DYN_REC_IDLE_TIMEOUT,
|
SHRPX_OPTID_TLS_DYN_REC_IDLE_TIMEOUT,
|
||||||
|
|
|
||||||
|
|
@ -371,24 +371,8 @@ int Http2DownstreamConnection::push_request_headers() {
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!config->http2_proxy && req.method != HTTP_CONNECT) {
|
if (!config->http2_proxy && req.method != HTTP_CONNECT) {
|
||||||
auto &xfpconf = httpconf.xfp;
|
|
||||||
auto xfp = xfpconf.strip_incoming
|
|
||||||
? nullptr
|
|
||||||
: req.fs.header(http2::HD_X_FORWARDED_PROTO);
|
|
||||||
|
|
||||||
if (xfpconf.add) {
|
|
||||||
StringRef xfp_value;
|
|
||||||
// We use same protocol with :scheme header field
|
// We use same protocol with :scheme header field
|
||||||
if (xfp) {
|
nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-proto", req.scheme));
|
||||||
xfp_value = concat_string_ref(balloc, xfp->value,
|
|
||||||
StringRef::from_lit(", "), req.scheme);
|
|
||||||
} else {
|
|
||||||
xfp_value = req.scheme;
|
|
||||||
}
|
|
||||||
nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-proto", xfp_value));
|
|
||||||
} else if (xfp) {
|
|
||||||
nva.push_back(http2::make_nv_ls_nocopy("x-forwarded-proto", xfp->value));
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
auto via = req.fs.header(http2::HD_VIA);
|
auto via = req.fs.header(http2::HD_VIA);
|
||||||
|
|
|
||||||
|
|
@ -630,25 +630,10 @@ int HttpDownstreamConnection::push_request_headers() {
|
||||||
buf->append("\r\n");
|
buf->append("\r\n");
|
||||||
}
|
}
|
||||||
if (!config->http2_proxy && !connect_method) {
|
if (!config->http2_proxy && !connect_method) {
|
||||||
auto &xfpconf = httpconf.xfp;
|
|
||||||
auto xfp = xfpconf.strip_incoming
|
|
||||||
? nullptr
|
|
||||||
: req.fs.header(http2::HD_X_FORWARDED_PROTO);
|
|
||||||
|
|
||||||
if (xfpconf.add) {
|
|
||||||
buf->append("X-Forwarded-Proto: ");
|
buf->append("X-Forwarded-Proto: ");
|
||||||
if (xfp) {
|
|
||||||
buf->append((*xfp).value);
|
|
||||||
buf->append(", ");
|
|
||||||
}
|
|
||||||
assert(!req.scheme.empty());
|
assert(!req.scheme.empty());
|
||||||
buf->append(req.scheme);
|
buf->append(req.scheme);
|
||||||
buf->append("\r\n");
|
buf->append("\r\n");
|
||||||
} else if (xfp) {
|
|
||||||
buf->append("X-Forwarded-Proto: ");
|
|
||||||
buf->append((*xfp).value);
|
|
||||||
buf->append("\r\n");
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
auto via = req.fs.header(http2::HD_VIA);
|
auto via = req.fs.header(http2::HD_VIA);
|
||||||
if (httpconf.no_via) {
|
if (httpconf.no_via) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue