Skip to content

Commit 93070fa

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #7126 from timmysilv/reject-x-forwarded-scheme
set x-forwarded-scheme to be the same as x-forwarded-proto
2 parents 1b1f7d3 + 9b00a49 commit 93070fa

File tree

2 files changed

+6
-0
lines changed

2 files changed

+6
-0
lines changed

rootfs/etc/nginx/template/nginx.tmpl

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1253,6 +1253,7 @@ stream {
12531253
{{ $proxySetHeader }} X-Forwarded-Host $best_http_host;
12541254
{{ $proxySetHeader }} X-Forwarded-Port $pass_port;
12551255
{{ $proxySetHeader }} X-Forwarded-Proto $pass_access_scheme;
1256+
{{ $proxySetHeader }} X-Forwarded-Scheme $pass_access_scheme;
12561257
{{ if $all.Cfg.ProxyAddOriginalURIHeader }}
12571258
{{ $proxySetHeader }} X-Original-URI $request_uri;
12581259
{{ end }}

test/e2e/settings/forwarded_headers.go

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
5757
WithHeader("Host", host).
5858
WithHeader("X-Forwarded-Port", "1234").
5959
WithHeader("X-Forwarded-Proto", "myproto").
60+
WithHeader("X-Forwarded-Scheme", "myproto").
6061
WithHeader("X-Forwarded-For", "1.2.3.4").
6162
WithHeader("X-Forwarded-Host", "myhost").
6263
Expect().
@@ -67,6 +68,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
6768
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost"))
6869
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost"))
6970
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=myproto"))
71+
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-scheme=myproto"))
7072
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
7173
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=1.2.3.4"))
7274

@@ -105,6 +107,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
105107
WithHeader("Host", host).
106108
WithHeader("X-Forwarded-Port", "1234").
107109
WithHeader("X-Forwarded-Proto", "myproto").
110+
WithHeader("X-Forwarded-Scheme", "myproto").
108111
WithHeader("X-Forwarded-For", "1.2.3.4").
109112
WithHeader("X-Forwarded-Host", "myhost").
110113
Expect().
@@ -115,10 +118,12 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
115118
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=forwarded-headers"))
116119
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=80"))
117120
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=http"))
121+
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-scheme=http"))
118122
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-original-forwarded-for=1.2.3.4"))
119123
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost"))
120124
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost"))
121125
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=myproto"))
126+
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-scheme=myproto"))
122127
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
123128
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=1.2.3.4"))
124129
})

0 commit comments

Comments
 (0)