-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FR: serve: Add the X-Forwarded-Proto header #7061
Comments
I think this may be fairly simple to fix by adding a |
I believe this was fixed two weeks ago in 3177cca |
I see |
A use-case for this feature is when testing OIDC authentication to a Rails application. Rails (in particular) can be fussy about whether it believes its on https or not and will redirect to https if it's not, and OIDC providers often won't let you have a redirection URL that is non-SSL if it's not 'localhost'. Thank you! |
We could also use this option specifically for |
As another usecase for this, the Flask Python web framework (really I think Werkzeug under the covers?) uses this header to decide how to build URLs when using |
@Multiply could you expand a little on why |
I'd assume it'd include the port, if it's not 80 for http, or 443 for https, so we that way can properly generate the 'correct' URLs, no matter how many layers of proxies one have, and for all supported ports. Edit: I might have to read up on "standards", but |
This adds replicates the headers also sent by the golang reverse proxy by default. Fixes tailscale#7061 Signed-off-by: Heiko Rothe <me@heikorothe.com>
This replicates the headers also sent by the golang reverse proxy by default. Fixes tailscale#7061 Signed-off-by: Heiko Rothe <me@heikorothe.com>
I also ran into this issue for a use case that I've been working on and ended up providing a PR that implements both the X-Forwarded-Host and X-Forwarded-Proto header: #8224. |
This replicates the headers also sent by the golang reverse proxy by default. Fixes tailscale#7061 Signed-off-by: Heiko Rothe <me@heikorothe.com>
This replicates the headers also sent by the golang reverse proxy by default. Fixes #7061 Signed-off-by: Heiko Rothe <me@heikorothe.com>
What are you trying to do?
I've tried to use
tailscale serve
to simplify my setup since I don't have any complex reverse proxying requirements, however I found that my backend really wants to have theX-Forwarded-Proto
header set tohttps
if the proxy terminated TLS on its behalf.How should we solve this?
Since the Tailscale server knows whether it had terminated TLS, it seems like it should be fairly easy for it to insert the
X-Forwarded-Proto
header with the appropriate value when reverse-proxying the requests.What is the impact of not solving this?
Some picky backends want to see the
X-Forwarded-Proto: https
header and will display warnings, etc., if it's missing.Anything else?
No response
The text was updated successfully, but these errors were encountered: