From 45cfb78b0bff5407a181f64f2f9fe6efbca1c04e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
 <stephane.lesimple+bastion@ovhcloud.com>
Date: Wed, 2 Jun 2021 09:41:04 +0000
Subject: [PATCH] fix: httpproxy: allow more passthrough headers

The following additional header is now allowed to come back from the remote server to the client:
* Content-Length

The following additional headers are now passed through to the remote server:
* Content-Length
* Content-Encoding
---
 bin/proxy/osh-http-proxy-worker   | 4 +++-
 lib/perl/OVH/Bastion/ProxyHTTP.pm | 4 ++--
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/bin/proxy/osh-http-proxy-worker b/bin/proxy/osh-http-proxy-worker
index 29e00d8..d662eed 100755
--- a/bin/proxy/osh-http-proxy-worker
+++ b/bin/proxy/osh-http-proxy-worker
@@ -420,7 +420,9 @@ else {
     warn("Couldn't open $logfile for log write");
 }
 
-my @passthru_headers = qw{ content-type client-ssl-cert-subject client-ssl-cipher client-ssl-warning };
+# those are the headers we allow to come back from the remote server to the client
+# we don't passthrough content-encoding, as we've already decoded the content (for logging purposes)
+my @passthru_headers = qw{ content-type content-length client-ssl-cert-subject client-ssl-cipher client-ssl-warning };
 if ($res) {
     foreach my $key ($res->headers->header_field_names) {
         next unless (grep { lc($key) eq $_ } @passthru_headers);
diff --git a/lib/perl/OVH/Bastion/ProxyHTTP.pm b/lib/perl/OVH/Bastion/ProxyHTTP.pm
index a44a0d7..f8455e8 100644
--- a/lib/perl/OVH/Bastion/ProxyHTTP.pm
+++ b/lib/perl/OVH/Bastion/ProxyHTTP.pm
@@ -437,8 +437,8 @@ sub process_http_request {
     push @cmd, "--insecure"        if ($self->{'proxy_config'}{'insecure'} && !$enforce_secure);
 
     # X-Test-* is only used for functional tests, and has to be passed to the remote
-    foreach my $key (keys %$req_headers) {
-        if ($key =~ /^x-test-/i || grep { lc($key) eq $_ } qw{ accept content-type connection }) {
+    foreach my $pattern (qw{ accept content-type content-length content-encoding x-test-[a-z-]+ }) {
+        foreach my $key (grep { /^$pattern$/i } keys %$req_headers) {
             push @cmd, "--header", $key . ':' . $req_headers->{$key};
         }
     }