Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ForwardedRequestCustomizer behavior should not be applied to requests without forwarding headers #5445

Merged
merged 7 commits into from
Oct 13, 2020

Conversation

joakime
Copy link
Contributor

@joakime joakime commented Oct 13, 2020

If the request has no Forwarding headers, the customization that ForwardingRequestCustomizer typically does should be skipped.

Closes #5443

Signed-off-by: Joakim Erdfelt joakim.erdfelt@gmail.com

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Copy link
Contributor

@gregw gregw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The proto and secure logic is spread out too much and too convoluted.
I think it should just be in one spot and should be something like:

    if (forwarded._proto != null)
    {
      request.setScheme(forwarded._proto);
      if (forwarded._proto.equalsIgnoreCase(config.getSecureScheme())
        request.setSecure(true);
    }
    if (forwarded.isSecure())
    {
        request.setSecure(true);
        if (forwarded._proto == null)
          request.setScheme(config.getSecureScheme());
    }

that might not be exactly right... but you get the idea. Put it all in one spot and try to separate concerns as much as possible.

// Set secure status
if (forwarded.isSecure() ||
proto.equalsIgnoreCase(config.getSecureScheme()) ||
port == getSecurePort(config))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm don't think that just because it arrives on the secure port is sufficient to make it secure. Some ports might do both secure and insecure requests.

@gregw
Copy link
Contributor

gregw commented Oct 13, 2020

Isn't this for #5437 not #5443 ???

@joakime
Copy link
Contributor Author

joakime commented Oct 13, 2020

Isn't this for #5437 not #5443 ???

Issue #5437 is about this kind of request ...

GET https://localhost:12345 HTTP/1.1
Host: localhost

A request with no forwarding headers, a fully qualified URL in the request-line, with https.
Which altered the scheme/proto in the wrong way.

Which is a (modified) test case in this PR ...

https://github.com/eclipse/jetty.project/blob/0b646ee6b78c5e4e1dff6ddbf641b839360d8a87/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java#L178-L186

This testcase is just to prevent regression in the future.

But the fix was actually handled in PR #5419

The fix to not act if there are no forwarding headers, which is what this PR covers, also addresses this above example, not changing the request.metadata if there's no forwarding headers. (so in essence issue #5437 was fixed in two different ways).

Issue #5443 is about an NPE when there are no forwarding headers and the Host is empty (example in issue is given in HTTP/1.0)

Which is two test cases in this PR ...

https://github.com/eclipse/jetty.project/blob/0b646ee6b78c5e4e1dff6ddbf641b839360d8a87/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java#L138-L157

+ Simplify isSecure handling in customize.
+ Simplify handling of `Proxy-Ssl-Id` header.
+ Simplify handling of `Proxy-auth-cert` header.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Improve / document implied secure scheme behaviors
  for both `Proxy-Ssl-Id` or `Proxy-auth-cert`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
+ Additional tests for HTTP/1.0
+ Overly complex negative test cases for
   `X-Forwarded-Proto: http` and
   `X-Proxied-Https: off`
+ Failure testcase for `X-Proxied-Https: foo`

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Additional NPE safety checks.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
The `X-Proxied-Https: off` case should have an implied port
not a hardcoded port.

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
@joakime joakime changed the title Forwarding Headers are optional ForwardedRequestCustomizer behavior not applied to requests without forwarding headers Oct 13, 2020
@joakime joakime changed the title ForwardedRequestCustomizer behavior not applied to requests without forwarding headers ForwardedRequestCustomizer behavior should not be applied to requests without forwarding headers Oct 13, 2020
@joakime joakime requested a review from gregw October 13, 2020 14:55
Cleanup handling of forwarded.authority

Signed-off-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
@joakime joakime merged commit 4d0edf9 into jetty-9.4.x Oct 13, 2020
@joakime joakime deleted the jetty-9.4.x-5443-forwarding-headers-optional branch October 13, 2020 17:20
@bentmann
Copy link

Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug For general bugs on Jetty side
Projects
None yet
3 participants