Consider X-Forwarded-Proto when setting the Request's originalRef property. #1191

Closed
jwinfield opened this issue Feb 16, 2016 · 2 comments

Comments

@jwinfield

HTTPS-enabled load balancers like Amazon's ELB that forward client requests to HTTP servers behind the load balancer set the X-Forwarded-Proto request header with a value of https. If the call is forwarded to an HTTP Restlet application from the load balancer, the originalRef Request property uses the protocol of the target request without checking if the X-Forwarded-Proto is set and using that protocol scheme instead.

This becomes a problem for resources that need to redirect when handling a request. Extra code needs to be written into the application code to look for the X-Forwarded-Proto header explicitly when building the redirect URL instead of using values from getRequest().getOriginalRef(). Also, static content resources served by a DirectoryService will have an incorrect protocol set for the Content-Location URL.
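
An added illustration of the check described above, written in plain Java without the Restlet API (it is not part of the issue thread and not Restlet's code). The class name, the trusted load balancer addresses and the sample URL are assumptions; the header is honored only when the request comes from a known load balancer and only for the values http and https, since any client can send X-Forwarded-Proto.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class ForwardedProto {
    // Assumption: addresses of the load balancers allowed to set the header (constructed values).
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.10", "10.0.0.11");

    /** Returns the scheme the client used, or the scheme seen by the server if the header is not usable. */
    static String effectiveScheme(String peerAddress, String forwardedProto, String requestScheme) {
        if (forwardedProto == null || !TRUSTED_PROXIES.contains(peerAddress)) {
            return requestScheme; // header absent, or sent by something other than our load balancer
        }
        String value = forwardedProto.trim().toLowerCase(Locale.ROOT);
        // Accept exactly the two schemes a redirect should use; anything else is ignored.
        return (value.equals("https") || value.equals("http")) ? value : requestScheme;
    }

    /** Rebuilds the request URI with the effective scheme, for use as a redirect or Content-Location base. */
    static URI originalUri(URI seenByServer, String peerAddress, String forwardedProto)
            throws URISyntaxException {
        String scheme = effectiveScheme(peerAddress, forwardedProto, seenByServer.getScheme());
        return new URI(scheme, seenByServer.getAuthority(), seenByServer.getPath(),
                seenByServer.getQuery(), seenByServer.getFragment());
    }

    public static void main(String[] args) throws URISyntaxException {
        // Constructed sample: the URI as the HTTP-only backend sees it.
        URI seen = new URI("http://app.example.com/orders/42?view=full");

        // Request relayed by a trusted load balancer that terminated TLS.
        System.out.println(originalUri(seen, "10.0.0.10", "https"));
        // Same header sent directly by an unknown peer: ignored.
        System.out.println(originalUri(seen, "203.0.113.7", "https"));
        // Trusted peer, but a value that is not a valid scheme for a redirect: ignored.
        System.out.println(originalUri(seen, "10.0.0.10", "javascript"));
    }
}
```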

@jwinfield
Author

Forgot to mention I'm currently using v2.3.5.

@thboileau
Contributor

Hi @jwinfield, thanks a lot for this suggestion.
The fix has been added to the 2.3 branch and will be part of the new 2.3.7 release.
