DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #7126 from timmysilv/reject-x-forwarded-scheme

Browse source 
set x-forwarded-scheme to be the same as x-forwarded-proto
This commit is contained in:
Kubernetes Prow Robot 2021-05-18 04:09:30 -07:00 committed by GitHub
commit 93070faaff
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
rootfs/etc/nginx/template/nginx.tmpl
View file

@ -1253,6 +1253,7 @@ stream {
{{ $proxySetHeader }} X-Forwarded-Host $best_http_host;
{{ $proxySetHeader }} X-Forwarded-Port $pass_port;
{{ $proxySetHeader }} X-Forwarded-Proto $pass_access_scheme;
{{ $proxySetHeader }} X-Forwarded-Scheme $pass_access_scheme;
{{ if $all.Cfg.ProxyAddOriginalURIHeader }}
{{ $proxySetHeader }} X-Original-URI $request_uri;
{{ end }}

5
test/e2e/settings/forwarded_headers.go
View file

@ -57,6 +57,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
WithHeader("Host", host).
WithHeader("X-Forwarded-Port", "1234").
WithHeader("X-Forwarded-Proto", "myproto").
WithHeader("X-Forwarded-Scheme", "myproto").
WithHeader("X-Forwarded-For", "1.2.3.4").
WithHeader("X-Forwarded-Host", "myhost").
Expect().
@ -67,6 +68,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=myproto"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-scheme=myproto"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=1.2.3.4"))
@ -105,6 +107,7 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
WithHeader("Host", host).
WithHeader("X-Forwarded-Port", "1234").
WithHeader("X-Forwarded-Proto", "myproto").
WithHeader("X-Forwarded-Scheme", "myproto").
WithHeader("X-Forwarded-For", "1.2.3.4").
WithHeader("X-Forwarded-Host", "myhost").
Expect().
@ -115,10 +118,12 @@ var _ = framework.DescribeSetting("use-forwarded-headers", func() {
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=forwarded-headers"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=80"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=http"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-scheme=http"))
assert.Contains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-original-forwarded-for=1.2.3.4"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("host=myhost"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-host=myhost"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-proto=myproto"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-scheme=myproto"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-port=1234"))
assert.NotContains(ginkgo.GinkgoT(), body, fmt.Sprintf("x-forwarded-for=1.2.3.4"))
})