Issue #5443 - Forwarding Headers are optional

+ Improve / document implied secure scheme behaviors
  for both `Proxy-Ssl-Id` and `Proxy-auth-cert`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Joakim Erdfelt 2020-10-13 07:15:38 -05:00
parent f0681b33eb
commit abdada05b1
No known key found for this signature in database
GPG Key ID: 2D0E1FB8FE4B68B4
1 changed files with 21 additions and 8 deletions


@ -481,8 +481,6 @@ public class ForwardedRequestCustomizer implements Customizer
if (match) if (match)
{ {
String proto;
// Is secure status configured from headers? // Is secure status configured from headers?
if (forwarded.isSecure()) if (forwarded.isSecure())
{ {
@ -492,8 +490,12 @@ public class ForwardedRequestCustomizer implements Customizer
// Set Scheme from configured protocol // Set Scheme from configured protocol
if (forwarded._proto != null) if (forwarded._proto != null)
{ {
proto = forwarded._proto; request.setScheme(forwarded._proto);
request.setScheme(proto); }
// Set scheme if header implies secure scheme is to be used (see #isSslIsSecure())
else if (forwarded._secureScheme)
{
request.setScheme(config.getSecureScheme());
} }
// Set authority // Set authority
@ -741,6 +743,7 @@ public class ForwardedRequestCustomizer implements Customizer
String _proto; String _proto;
Source _protoSource = Source.UNSET; Source _protoSource = Source.UNSET;
Boolean _secure; Boolean _secure;
boolean _secureScheme = false;
public Forwarded(Request request, HttpConfiguration config) public Forwarded(Request request, HttpConfiguration config)
{ {
@ -784,25 +787,35 @@ public class ForwardedRequestCustomizer implements Customizer
return _for; return _for;
} }
@SuppressWarnings("unused") /**
* Called if header is <code>Proxy-auth-cert</code>
*/
public void handleCipherSuite(HttpField field) public void handleCipherSuite(HttpField field)
{ {
_request.setAttribute("javax.servlet.request.cipher_suite", field.getValue()); _request.setAttribute("javax.servlet.request.cipher_suite", field.getValue());
// Is ForwardingRequestCustomizer configured to trigger isSecure and scheme change on this header?
if (isSslIsSecure()) if (isSslIsSecure())
{ {
_secure = true; _secure = true;
_proto = "https"; // track desire for secure scheme, actual protocol will be resolved later.
_secureScheme = true;
} }
} }
@SuppressWarnings("unused") /**
* Called if header is <code>Proxy-Ssl-Id</code>
*/
public void handleSslSessionId(HttpField field) public void handleSslSessionId(HttpField field)
{ {
_request.setAttribute("javax.servlet.request.ssl_session_id", field.getValue()); _request.setAttribute("javax.servlet.request.ssl_session_id", field.getValue());
// Is ForwardingRequestCustomizer configured to trigger isSecure and scheme change on this header?
if (isSslIsSecure()) if (isSslIsSecure())
{ {
_secure = true; _secure = true;
_proto = "https"; // track desire for secure scheme, actual protocol will be resolved later.
_secureScheme = true;
} }
} }
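Review bot: The new Javadoc on `handleCipherSuite` and `handleSslSessionId` does not document that `_secure = true` is set on the header's presence alone (the value is only copied into a request attribute), while the scheme is now just a fallback. In the customize branch `forwarded._proto` still wins over `_secureScheme`, so a request carrying both a forwarded proto and one of these headers may be marked secure with a scheme other than `config.getSecureScheme()`, unless `isSecure()`, whose body is outside the visible lines, reconciles the two. I would state that precedence in the Javadoc, along with the assumption that the fronting proxy strips or overwrites these headers on inbound client requests. The inline comments also name `ForwardingRequestCustomizer` where the class is `ForwardedRequestCustomizer`, so they should read `// Is ForwardedRequestCustomizer configured to trigger isSecure and scheme change on this header?`. If the header names are configurable, the Javadoc should call `Proxy-auth-cert` and `Proxy-Ssl-Id` defaults rather than fixed names.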