From ba5d9d3352679b67ec4d8e27dfce3861bb8ba0cd Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Fri, 21 Mar 2014 18:57:57 +0900 Subject: [PATCH] nghttpx: Add x-forwarded-proto header field to downstream HTTP/2 request --- src/shrpx_http2_downstream_connection.cc | 26 +++++++++++++++++++----- src/shrpx_http_downstream_connection.cc | 4 ++-- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/src/shrpx_http2_downstream_connection.cc b/src/shrpx_http2_downstream_connection.cc index 6cc42e14..bd7bc438 100644 --- a/src/shrpx_http2_downstream_connection.cc +++ b/src/shrpx_http2_downstream_connection.cc @@ -246,15 +246,16 @@ int Http2DownstreamConnection::push_request_headers() downstream_->concat_norm_request_headers(); auto end_headers = std::end(downstream_->get_request_headers()); - // 6 means: + // 7 means: // 1. :method // 2. :scheme // 3. :path // 4. :authority (optional) // 5. via (optional) // 6. x-forwarded-for (optional) + // 7. x-forwarded-proto (optional) auto nva = std::vector(); - nva.reserve(nheader + 6); + nva.reserve(nheader + 7); std::string via_value; std::string xff_value; std::string scheme, authority, path, query; @@ -308,9 +309,11 @@ int Http2DownstreamConnection::push_request_headers() } } if(scheme.empty()) { - // The default scheme is http. For HTTP2 upstream, the path must - // be absolute URI, so scheme should be provided. - nva.push_back(http2::make_nv_ll(":scheme", "http")); + if(client_handler_->get_ssl()) { + nva.push_back(http2::make_nv_ll(":scheme", "https")); + } else { + nva.push_back(http2::make_nv_ll(":scheme", "http")); + } } else { nva.push_back(http2::make_nv_ls(":scheme", scheme)); } @@ -370,6 +373,19 @@ int Http2DownstreamConnection::push_request_headers() nva.push_back(http2::make_nv_ls("x-forwarded-for", (*xff).second)); } + if(downstream_->get_request_method() != "CONNECT") { + // We use same protocol with :scheme header field + if(scheme.empty()) { + if(client_handler_->get_ssl()) { + nva.push_back(http2::make_nv_ll("x-forwarded-proto", "https")); + } else { + nva.push_back(http2::make_nv_ll("x-forwarded-proto", "http")); + } + } else { + nva.push_back(http2::make_nv_ls("x-forwarded-proto", scheme.c_str())); + } + } + auto via = downstream_->get_norm_request_header("via"); if(get_config()->no_via) { if(via != end_headers) { diff --git a/src/shrpx_http_downstream_connection.cc b/src/shrpx_http_downstream_connection.cc index 239126b0..f1939bb5 100644 --- a/src/shrpx_http_downstream_connection.cc +++ b/src/shrpx_http_downstream_connection.cc @@ -175,7 +175,7 @@ int HttpDownstreamConnection::push_request_headers() http2::sanitize_header_value(hdrs, hdrs.size() - (*xff).second.size()); hdrs += ", "; } - hdrs += downstream_->get_upstream()->get_client_handler()->get_ipaddr(); + hdrs += client_handler_->get_ipaddr(); hdrs += "\r\n"; } else if(xff != end_headers) { hdrs += "X-Forwarded-For: "; @@ -188,7 +188,7 @@ int HttpDownstreamConnection::push_request_headers() if(!downstream_->get_request_http2_scheme().empty()) { hdrs += downstream_->get_request_http2_scheme(); hdrs += "\r\n"; - } else if(util::istartsWith(downstream_->get_request_path(), "https:")) { + } else if(client_handler_->get_ssl()) { hdrs += "https\r\n"; } else { hdrs += "http\r\n";