fix(proxy) set http_if_terminated false by default #2588

p0pr0ck5 · 2017-05-31T23:00:42Z

Summary

Assume a (very mildly) more agressive posture by disabling interpretation of the X-Forwarded-Proto header in HTTPS-only APIs by default when the client sent a plaintext connection. This does not improve any functional posturing in the analysis of plaintext connections, but it does require that operators explicitly set this value (and thus assumedly understand the current implications of such a configuration)

Full changelog

Set the http_if_terminated API schema member to false by default.

Issues resolved

Fix #2583

Assume a (very mildly) more agressive posture by disabling interpretation of the X-Forwarded-Proto header in HTTPS-only APIs by default when the client sent a plaintext connection.

shashiranjan84 · 2017-06-13T16:47:25Z

LGTM @p0pr0ck5

fix(proxy) set http_if_terminated false by default

6bbdf71

Assume a (very mildly) more agressive posture by disabling interpretation of the X-Forwarded-Proto header in HTTPS-only APIs by default when the client sent a plaintext connection.

p0pr0ck5 added the pr/status/please review label May 31, 2017

shashiranjan84 self-requested a review June 13, 2017 16:47

shashiranjan84 approved these changes Jun 13, 2017

View reviewed changes

p0pr0ck5 merged commit 56a6cbf into master Jun 13, 2017

p0pr0ck5 deleted the fix/default_http_if_terminated branch June 13, 2017 16:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(proxy) set http_if_terminated false by default #2588

fix(proxy) set http_if_terminated false by default #2588

p0pr0ck5 commented May 31, 2017

shashiranjan84 commented Jun 13, 2017

fix(proxy) set http_if_terminated false by default #2588

fix(proxy) set http_if_terminated false by default #2588

Conversation

p0pr0ck5 commented May 31, 2017

Summary

Full changelog

Issues resolved

shashiranjan84 commented Jun 13, 2017