Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request support for X-Forwarded-* and Forwarded HTTP Request headers in Elda #215

Closed
skwlilac opened this issue Aug 21, 2018 · 2 comments
Closed

Request support for X-Forwarded-* and Forwarded HTTP Request headers in Elda #215

skwlilac opened this issue Aug 21, 2018 · 2 comments
Assignees
@ehedgehog @skwlilac @simonoakesepimorphics
Labels
enhancement

Comments

@skwlilac
Copy link
Contributor

To address the problems reported in #207 and #185 please can we add support for the following HTTP protocol request headers:

The Forwarded header is a standardised header that covers the functionality of the other two, but all 3 seem to be in use. Note that host values can carry both hostname and port number.

A minimum request would be to implement just X-Forwarded-Proto

In combination these headers provide a mechanism to pass information about the originating client's request URI through to potentially multiple layers proxies used in the a service implementation. Crucially in the case of ELDA they provide a means to make a distinction between requests that originate using https: URI or http: URI so that ELDA can use the correct scheme in the relevant absolute URI that it generates in responses.

The relevant URI in ELDA's case are those that it explicitly generates in the page metadata and during the rendering process were it may add URI for sorted and filtered variants of a page. However, I believe that all the relevant URI are generated from a single 'pageURI' which, afaict, is currently computed by the method RouterRestlet.makeRequestURI(...).

It may also be work checking other code locations that are influenced by api:base settings in Elda config files.

If any of these headers are present, scheme, host and port, should take precidence over any default in the absence of an api:base configuration. If api:base has a relative value, then header supplied scheme, host and prot (such as are supplied) should take precidence (since they will not have been assert in a relative api:base). If api:base is given as an absolute URI (ie. one with a scheme - and I think inevitably a host) then I think it should be respected, though that (along with any of this request) is up for discussion.
@simonoakesepimorphics
Copy link
Contributor

PR: https://github.com/epimorphics/elda/pull/216/files

@skwlilac
Copy link
Contributor Author

A couple more thoughts/comments:

As far as I know, X-Forwarded-Host may carry both the host name and a non-default port number from the original request. It's not clear to me that the host(host) call in the middle of:

simonoakesepimorphics added a commit that referenced this issue Sep 5, 2018
@simonoakesepimorphics
Merge pull request #216 from epimorphics/215-forward-header-support
ff75487 
Issue #215 forward header support
ehedgehog pushed a commit that referenced this issue Sep 17, 2018
New version, 2.0.0, of Elda.
42b6a6b 
New major version because default for forwarding headers is enabled,
rather than disabled: #215.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ehedgehog ehedgehog

@skwlilac skwlilac

@simonoakesepimorphics simonoakesepimorphics

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ehedgehog @skwlilac @simonoakesepimorphics