Merge tag '3.20.1'

expressjs · Mar 1, 2015 · cd6df76 · cd6df76
2 parents 51f960f + b2311c7
commit cd6df76
Show file tree

Hide file tree

Showing 7 changed files with 67 additions and 3 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -3,5 +3,6 @@ node_js:
   - "0.10"
   - "0.12"
 sudo: false
+before_install: "npm rm --save-dev connect-redis"
 script: "npm run-script test-ci"
 after_script: "npm install coveralls@2.10.0 && cat ./coverage/lcov.info | coveralls"
diff --git a/History.md b/History.md
@@ -1,3 +1,9 @@
+unreleased
+==========
+
+  * Fix `req.host` when using "trust proxy" hops count
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
 4.12.0 / 2015-02-23
 ===================
 
@@ -702,6 +708,12 @@
    - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
    - Router & Route - public API
 
+3.20.1 / 2015-02-28
+===================
+
+  * Fix `req.host` when using "trust proxy" hops count
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
 3.20.0 / 2015-02-18
 ===================
 

diff --git a/lib/request.js b/lib/request.js
@@ -268,7 +268,7 @@ defineGetter(req, 'protocol', function protocol(){
     : 'http';
   var trust = this.app.get('trust proxy fn');
 
-  if (!trust(this.connection.remoteAddress)) {
+  if (!trust(this.connection.remoteAddress, 0)) {
     return proto;
   }
 
@@ -378,7 +378,7 @@ defineGetter(req, 'hostname', function hostname(){
   var trust = this.app.get('trust proxy fn');
   var host = this.get('X-Forwarded-Host');
 
-  if (!host || !trust(this.connection.remoteAddress)) {
+  if (!host || !trust(this.connection.remoteAddress, 0)) {
     host = this.get('Host');
   }
 

diff --git a/package.json b/package.json
@@ -60,7 +60,6 @@
     "mocha": "~2.1.0",
     "should": "~5.0.1",
     "supertest": "~0.15.0",
-    "hjs": "~0.0.6",
     "body-parser": "~1.12.0",
     "connect-redis": "~2.2.0",
     "cookie-parser": "~1.3.4",

diff --git a/test/req.host.js b/test/req.host.js
@@ -117,6 +117,24 @@ describe('req', function(){
         .set('Host', 'example.com')
         .expect('example.com', done);
       })
+
+      describe('when trusting hop count', function () {
+        it('should respect X-Forwarded-Host', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.use(function (req, res) {
+            res.end(req.host);
+          });
+
+          request(app)
+          .get('/')
+          .set('Host', 'localhost')
+          .set('X-Forwarded-Host', 'example.com')
+          .expect('example.com', done);
+        })
+      })
     })
 
     describe('when "trust proxy" is disabled', function(){

diff --git a/test/req.protocol.js b/test/req.protocol.js
@@ -75,6 +75,23 @@ describe('req', function(){
         .get('/')
         .expect('http', done);
       })
+
+      describe('when trusting hop count', function () {
+        it('should respect X-Forwarded-Proto', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.use(function (req, res) {
+            res.end(req.protocol);
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-Proto', 'https')
+          .expect('https', done);
+        })
+      })
     })
 
     describe('when "trust proxy" is disabled', function(){

diff --git a/test/req.secure.js b/test/req.secure.js
@@ -78,6 +78,23 @@ describe('req', function(){
         .set('X-Forwarded-Proto', 'https, http')
         .expect('yes', done)
       })
+
+      describe('when "trust proxy" trusting hop count', function () {
+        it('should respect X-Forwarded-Proto', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.get('/', function (req, res) {
+            res.send(req.secure ? 'yes' : 'no');
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-Proto', 'https')
+          .expect('yes', done)
+        })
+      })
     })
   })
 })