accept forwarded host with port #360

Merged
merged 6 commits into from
Oct 27, 2021
5 changes: 4 additions & 1 deletion CHANGELOG.md
Expand Up @@ -6,7 +6,10 @@ Unreleased changes are available as `avenga/couper:edge` container.

* **Added**
* Register `default` function as `coalesce` alias ([#356](https://github.com/avenga/couper/pull/356))


* **Fixed**
* Handling of [`accept_forwarded_url`](./docs/REFERENCE.md#settings-block) "host" if `H-Forwarded-Host` request header field contains a port ([#360](https://github.com/avenga/couper/pull/360))

---

## [1.5](https://github.com/avenga/couper/releases/tag/1.5)
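Review bot: the new **Fixed** entry names the header `H-Forwarded-Host`; that should read `X-Forwarded-Host`, the spelling used in docs/REFERENCE.md and server/http.go. The two consecutive blank lines left after the **Added** entry can also be reduced to one.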
2 changes: 1 addition & 1 deletion docs/REFERENCE.md
Expand Up @@ -490,7 +490,7 @@ gateway instance.

| Attribute(s) | Type | Default | Description | Characteristic(s) | Example |
| :------------------------------ | :----- | :------------------ | :---------- | :---------------- | :------ |
| `accept_forwarded_url` | list | `[]` | Which `X-Forwarded-*` request headers should be accepted to change the [request variables](#request) `url`, `origin`, `protocol`, `host`, `port`. Valid values: `proto`, `host`, `port` | Affects relative url values for [`sp_acs_url`](#saml-block) attribute and `redirect_uri` attribute within [beta_oauth2](#oauth2-ac-block-beta) & [beta_oidc](#oidc-block-beta). | `["proto","host","port"]` |
| `accept_forwarded_url` | list | `[]` | Which `X-Forwarded-*` request headers should be accepted to change the [request variables](#request) `url`, `origin`, `protocol`, `host`, `port`. Valid values: `proto`, `host`, `port`. The port in `X-Forwarded-Port` takes precedence over a port in `X-Forwarded-Host`. | Affects relative url values for [`sp_acs_url`](#saml-block) attribute and `redirect_uri` attribute within [beta_oauth2](#oauth2-ac-block-beta) & [beta_oidc](#oidc-block-beta). | `["proto","host","port"]` |
| `default_port` | number | `8080` | Port which will be used if not explicitly specified per host within the [`hosts`](#server-block) list. |-|-|
| `health_path` | string | `/healthz` | Health path which is available for all configured server and ports. |-|-|
| `https_dev_proxy` | list | `[]` | List of tls port mappings to define the tls listen port and the target one. A self-signed certificate will be generated on the fly based on given hostname. | Certificates will be hold in memory and are generated once. | `["443:8080", "8443:8080"]` |
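Review bot: the sentence added to the `accept_forwarded_url` row only covers the case where both headers carry a port. It does not say what happens to a port in `X-Forwarded-Host` when `X-Forwarded-Port` is absent, or when `port` is not in the list, and the two test tables in this PR expect different results for that input ("proto, host with port, no port" yields 8443 in one and 443 in the other). Since the row itself notes that the value feeds `redirect_uri` and `sp_acs_url`, suggest documenting those cases explicitly.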
5 changes: 3 additions & 2 deletions server/http.go
Expand Up @@ -217,9 +217,10 @@ func (s *HTTPServer) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
}
if s.settings.AcceptsForwardedHost() {
if xfh := req.Header.Get("X-Forwarded-Host"); xfh != "" {
portToAppend := req.URL.Port()
req.URL.Host = xfh
if req.URL.Port() != "" {
req.URL.Host += ":" + req.URL.Port()
if portToAppend != "" && req.URL.Port() == "" {
req.URL.Host += ":" + portToAppend
}
}
}
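Review bot: missing check on the header value. `req.URL.Host = xfh` takes `X-Forwarded-Host` as-is, and the new `req.URL.Port() == ""` condition cannot tell "no port given" from "port that does not parse": `URL.Port()` returns an empty string for a non-numeric port, so a value such as `www.example.com:abc` gets `":" + portToAppend` appended after it and ends up as the request host. Suggest splitting the value into host and port first, checking the port is numeric, and ignoring the header when it does not parse, rather than relying on `URL.Port()` after the assignment.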
286 changes: 276 additions & 10 deletions server/http_integration_test.go
Expand Up @@ -2002,6 +2002,34 @@ func TestHTTPServer_AcceptingForwardedUrl(t *testing.T) {
},
"http://localhost:8080/path",
},
{
"port, no proto, no host",
http.Header{
"X-Forwarded-Port": []string{"8081"},
},
expectation{
Protocol: "http",
Host: "localhost",
Port: 8081,
Origin: "http://localhost:8081",
Url: "http://localhost:8081/path",
},
"http://localhost:8081/path",
},
{
"proto, no host, no port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
},
expectation{
Protocol: "https",
Host: "localhost",
Port: 443,
Origin: "https://localhost",
Url: "https://localhost/path",
},
"https://localhost/path",
},
{
"proto, host, no port",
http.Header{
Expand All @@ -2017,6 +2045,21 @@ func TestHTTPServer_AcceptingForwardedUrl(t *testing.T) {
},
"https://www.example.com/path",
},
{
"proto, host with port, no port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
"X-Forwarded-Host": []string{"www.example.com:8443"},
},
expectation{
Protocol: "https",
Host: "www.example.com",
Port: 8443,
Origin: "https://www.example.com:8443",
Url: "https://www.example.com:8443/path",
},
"https://www.example.com:8443/path",
},
{
"proto, port, no host",
http.Header{
Expand All @@ -2036,16 +2079,74 @@ func TestHTTPServer_AcceptingForwardedUrl(t *testing.T) {
"host, port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com"},
"X-Forwarded-Port": []string{"8443"},
"X-Forwarded-Port": []string{"8081"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8443,
Origin: "http://www.example.com:8443",
Url: "http://www.example.com:8443/path",
Port: 8081,
Origin: "http://www.example.com:8081",
Url: "http://www.example.com:8081/path",
},
"http://www.example.com:8081/path",
},
{
"host with port, port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com:8081"},
"X-Forwarded-Port": []string{"8081"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8081,
Origin: "http://www.example.com:8081",
Url: "http://www.example.com:8081/path",
},
"http://www.example.com:8081/path",
},
{
"host with port, different port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com:8081"},
"X-Forwarded-Port": []string{"8082"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8082,
Origin: "http://www.example.com:8082",
Url: "http://www.example.com:8082/path",
},
"http://www.example.com:8443/path",
"http://www.example.com:8082/path",
},
{
"host, no port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8080,
Origin: "http://www.example.com:8080",
Url: "http://www.example.com:8080/path",
},
"http://www.example.com:8080/path",
},
{
"host with port, no proto, no port",
http.Header{
"X-Forwarded-Host": []string{"www.example.com:8081"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8081,
Origin: "http://www.example.com:8081",
Url: "http://www.example.com:8081/path",
},
"http://www.example.com:8081/path",
},
{
"proto, host, port",
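Review bot: the "host with port" cases added here all use `www.example.com:<numeric port>`, so the changed branch in server/http.go is only exercised with well-formed values. Suggest adding at least one case with a bracketed IPv6 literal (e.g. `[::1]:8081`) and one with a value whose port part is not numeric, with the expected `Host`/`Port`/`Origin` stated, so the behaviour for those inputs is pinned down.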
Expand All @@ -2063,6 +2164,38 @@ func TestHTTPServer_AcceptingForwardedUrl(t *testing.T) {
},
"https://www.example.com:8443/path",
},
{
"proto, host with port, port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
"X-Forwarded-Host": []string{"www.example.com:8443"},
"X-Forwarded-Port": []string{"8443"},
},
expectation{
Protocol: "https",
Host: "www.example.com",
Port: 8443,
Origin: "https://www.example.com:8443",
Url: "https://www.example.com:8443/path",
},
"https://www.example.com:8443/path",
},
{
"proto, host with port, different port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
"X-Forwarded-Host": []string{"www.example.com:8443"},
"X-Forwarded-Port": []string{"9443"},
},
expectation{
Protocol: "https",
Host: "www.example.com",
Port: 9443,
Origin: "https://www.example.com:9443",
Url: "https://www.example.com:9443/path",
},
"https://www.example.com:9443/path",
},
} {
t.Run(tc.name, func(subT *testing.T) {
helper := test.New(subT)
Expand Down Expand Up @@ -2134,6 +2267,34 @@ func TestHTTPServer_XFH_AcceptingForwardedUrl(t *testing.T) {
},
"http://localhost:8080/path",
},
{
"port, no proto, no host",
http.Header{
"X-Forwarded-Port": []string{"8081"},
},
expectation{
Protocol: "http",
Host: "localhost",
Port: 8081,
Origin: "http://localhost:8081",
Url: "http://localhost:8081/path",
},
"http://localhost:8081/path",
},
{
"proto, no host, no port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
},
expectation{
Protocol: "https",
Host: "localhost",
Port: 443,
Origin: "https://localhost",
Url: "https://localhost/path",
},
"https://localhost/path",
},
{
"proto, host, no port",
http.Header{
Expand All @@ -2149,6 +2310,21 @@ func TestHTTPServer_XFH_AcceptingForwardedUrl(t *testing.T) {
},
"https://www.example.com/path",
},
{
"proto, host with port, no port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
"X-Forwarded-Host": []string{"www.example.com:8443"},
},
expectation{
Protocol: "https",
Host: "www.example.com",
Port: 443,
Origin: "https://www.example.com",
Url: "https://www.example.com/path",
},
"https://www.example.com/path",
},
{
"proto, port, no host",
http.Header{
Expand All @@ -2168,16 +2344,74 @@ func TestHTTPServer_XFH_AcceptingForwardedUrl(t *testing.T) {
"host, port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com"},
"X-Forwarded-Port": []string{"8443"},
"X-Forwarded-Port": []string{"8081"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8443,
Origin: "http://www.example.com:8443",
Url: "http://www.example.com:8443/path",
Port: 8081,
Origin: "http://www.example.com:8081",
Url: "http://www.example.com:8081/path",
},
"http://www.example.com:8081/path",
},
{
"host with port, port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com:8081"},
"X-Forwarded-Port": []string{"8081"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8081,
Origin: "http://www.example.com:8081",
Url: "http://www.example.com:8081/path",
},
"http://www.example.com:8443/path",
"http://www.example.com:8081/path",
},
{
"host with port, different port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com:8081"},
"X-Forwarded-Port": []string{"8082"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8082,
Origin: "http://www.example.com:8082",
Url: "http://www.example.com:8082/path",
},
"http://www.example.com:8082/path",
},
{
"host, no port, no proto",
http.Header{
"X-Forwarded-Host": []string{"www.example.com"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8080,
Origin: "http://www.example.com:8080",
Url: "http://www.example.com:8080/path",
},
"http://www.example.com:8080/path",
},
{
"host with port, no proto, no port",
http.Header{
"X-Forwarded-Host": []string{"www.example.com:8081"},
},
expectation{
Protocol: "http",
Host: "www.example.com",
Port: 8080,
Origin: "http://www.example.com:8080",
Url: "http://www.example.com:8080/path",
},
"http://www.example.com:8080/path",
},
{
"proto, host, port",
Expand All @@ -2195,6 +2429,38 @@ func TestHTTPServer_XFH_AcceptingForwardedUrl(t *testing.T) {
},
"https://www.example.com:8443/path",
},
{
"proto, host with port, port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
"X-Forwarded-Host": []string{"www.example.com:8443"},
"X-Forwarded-Port": []string{"8443"},
},
expectation{
Protocol: "https",
Host: "www.example.com",
Port: 8443,
Origin: "https://www.example.com:8443",
Url: "https://www.example.com:8443/path",
},
"https://www.example.com:8443/path",
},
{
"proto, host with port, different port",
http.Header{
"X-Forwarded-Proto": []string{"https"},
"X-Forwarded-Host": []string{"www.example.com:8443"},
"X-Forwarded-Port": []string{"9443"},
},
expectation{
Protocol: "https",
Host: "www.example.com",
Port: 9443,
Origin: "https://www.example.com:9443",
Url: "https://www.example.com:9443/path",
},
"https://www.example.com:9443/path",
},
} {
t.Run(tc.name, func(subT *testing.T) {
helper := test.New(subT)
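Review bot: style point on the table as a whole. The cases added to `TestHTTPServer_XFH_AcceptingForwardedUrl` repeat the names and headers of those added to `TestHTTPServer_AcceptingForwardedUrl`, differing only in a few expectations. Consider sharing one list of header combinations and keeping per-test expectations next to it, so a future change to the forwarded-host handling does not have to be mirrored by hand in two places.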