ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-10-01 17:25:32 +08:00
Code Issues Projects Releases Packages Wiki Activity

fix: httpproxy: allow more passthrough headers

Browse source 
The following additional header is now allowed to come back from the remote server to the client:
* Content-Length

The following additional headers are now passed through to the remote server:
* Content-Length
* Content-Encoding
This commit is contained in:
Stéphane Lesimple 2021-06-02 09:41:04 +00:00 committed by Stéphane Lesimple
parent b364706f37
commit 45cfb78b0b
2 changed files with 5 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
bin/proxy/osh-http-proxy-worker
View file

@ -420,7 +420,9 @@ else {
warn("Couldn't open $logfile for log write");
}
my @passthru_headers = qw{ content-type client-ssl-cert-subject client-ssl-cipher client-ssl-warning };
# those are the headers we allow to come back from the remote server to the client
# we don't passthrough content-encoding, as we've already decoded the content (for logging purposes)
my @passthru_headers = qw{ content-type content-length client-ssl-cert-subject client-ssl-cipher client-ssl-warning };
if ($res) {
foreach my $key ($res->headers->header_field_names) {
next unless (grep { lc($key) eq $_ } @passthru_headers);

4
lib/perl/OVH/Bastion/ProxyHTTP.pm
View file

@ -437,8 +437,8 @@ sub process_http_request {
push @cmd, "--insecure" if ($self->{'proxy_config'}{'insecure'} && !$enforce_secure);
# X-Test-* is only used for functional tests, and has to be passed to the remote
foreach my $key (keys %$req_headers) {
if ($key =~ /^x-test-/i || grep { lc($key) eq $_ } qw{ accept content-type connection }) {
foreach my $pattern (qw{ accept content-type content-length content-encoding x-test-[a-z-]+ }) {
foreach my $key (grep { /^$pattern$/i } keys %$req_headers) {
push @cmd, "--header", $key . ':' . $req_headers->{$key};
}
}