If "upgrade-scheme" parameter is present in backend option along with
"tls" paramter, HTTP/2 :scheme pseudo header field is changed to
"https" from "http" when forwarding a request to this particular
backend. This is a workaround for a server which requests "https"
scheme on HTTP/2 connection encrypted by TLS.
Previously, for Via, X-Forwarded-For, and X-Forwarded-Proto header
field, nghttpx only forwarded the last header field of each. With
this commit, nghttpx forwards all of them if it is configured to do
so.
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --no-add-x-forwarded-proto option makes nghttpx not to
append X-Forwarded-Proto value. The
--no-strip-incoming-x-forwarded-proto option prevents nghttpx from
stripping the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit preserves this behaviour, and adds
additional knobs.
This commit adds 2 new options to handle X-Forwarded-Proto header
field. The --add-x-forwarded-proto option makes nghttpx append
X-Forwarded-Proto value. The --strip-incoming-x-forwarded-proto
option makes nghttpx to strip the header field from client.
Previously, nghttpx always strips incoming header field, and set its
own header field. This commit changes this behaviour. Now nghttpx
does not strip, and append X-Forwarded-Proto header field by default.
The X-Forwarded-For, and Forwarded header fields are also handled in
the same way. To recover the old behaviour, use
--add-x-forwarded-proto and --strip-incoming-x-forwarded-proto
options.
It is very hard to support multiple protocols in backend while
retaining multiple mode settings. Therefore, we dropped modes except
for default and HTTP/2 proxy mode. The other removed modes can be
emulated using combinations of options. Now the backend connection is
not encrypted by default. To enable encryption on backend connection,
use --backend-tls option.
This is required to avoid creation of temporary ImmutableString
like so:
std::string x;
ImmutableString y = ...;
StringRef ref = !x.empty() ? x : y;
First, temporary ImmutableString is created with x since
ImmutableString has constructor to accept std::string. After
StringRef gets this, the temporary ImmutableString is destroyed, and
ref has dangling pointer.
RFC 7540 says that proxy should not emit :authority when translating
HTTP/1 request in origin or asterisk form to HTTP/2. To keep this
semantics in tact, we should also refrain from emitting :authority if
it is missing (host header field is required in this case).
Header field related functions are now gathered into FieldStore class.
This commit only handles request. Subsequent commit will do the same
thing for response.