IPv6 x-forwarded-host results in "bad URI" error

[kwinters]

A request that normally works with IPv4 is failing for IPv6. The webrick server is running behind Apache2, which is setting the x-forwarded-* headers.

$ curl -k https://[fd20:8b1e:b255:8154:250:56ff:fea8:4d84]/something
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0//EN">
<HTML>
  <HEAD><TITLE>Bad Request</TITLE></HEAD>
  <BODY>
    <H1>Bad Request</H1>
    bad URI `/api/v3/versions'.
    <HR>
    <ADDRESS>
     WEBrick/1.3.1 (Ruby/2.3.3/2016-11-21) at
     DCU-ADM1-178:4567
    </ADDRESS>
  </BODY>
</HTML>

I added some logging to httprequest.rb to output the headers:
(fails) x-forwarded-host: [fd20:8b1e:b255:8154:250:56ff:fea8:4d84]
(works) x-forwarded-host: 10.224.3.178

The bug appears to be in here:

     def setup_forwarded_info
      if @forwarded_server = self["x-forwarded-server"]
        @forwarded_server = @forwarded_server.split(",", 2).first
      end
      @forwarded_proto = self["x-forwarded-proto"]
      if host_port = self["x-forwarded-host"]
        host_port = host_port.split(",", 2).first
        @forwarded_host, tmp = host_port.split(":", 2) # HERE
        @forwarded_port = (tmp || (@forwarded_proto == "https" ? 443 : 80)).to_i
      end
      if addrs = self["x-forwarded-for"]
        addrs = addrs.split(",").collect(&:strip)
        addrs.reject!{|ip| PrivateNetworkRegexp =~ ip }
        @forwarded_for = addrs.first
      end
    end

Changing it to remove the split avoids the bug, but this simpler implementation doesn't support a port.

      if host_port = self["x-forwarded-host"]
        host_port = host_port.split(",", 2).first
        @forwarded_host = host_port # Dropped the split on :
        @forwarded_port = @forwarded_proto == "https" ? 443 : 80
      end

[hsbt]

This repository is the mirror repository. We didn't handle the issue report now. Can you file this report to https://bugs.ruby-lang.org/ ?

[kwinters]

Filed as https://bugs.ruby-lang.org/issues/15187

Thanks for fixing the submission link, BTW. 082b634