New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

warp-tls strips out the Host request header #478

Closed
snoyberg opened this Issue Dec 6, 2015 · 5 comments

Comments

Projects
None yet
2 participants
@snoyberg
Member

snoyberg commented Dec 6, 2015

Just discovered this due to some buggy behavior in yesod devel, where URLs were misgenerated for TLS connections but generated correctly for non-TLS connections. Take as an example the following print of a Request value for a warp-tls connection:

Request {requestMethod = "GET", httpVersion = HTTP/1.1, rawPathInfo = "/", rawQueryString = "", requestHeaders = [("Host","localhost:3009"),("Connection","keep-alive"),("Accept","text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"),("Upgrade-Insecure-Requests","1"),("User-Agent","Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36"),("Accept-Encoding","gzip, deflate, sdch"),("Accept-Language","en-US,en;q=0.8,he;q=0.6"),("Cookie","_SESSION=SwprbhBIY0Nkf+vIaMIaBXE1cFbWqtLAU5O7CwUmDsrB8YTi+roXGq30tVTLnNCpEqtdmEHMug8TSp9NyV0nJsFt09Q4xcHPPXIAvfxDdj06JeM5LnrH5rSTg5G2JiPPpBSpHzYSpwA=; XSRF-TOKEN=ZdJ5OHPy5K")], isSecure = False, remoteHost = 127.0.0.1:51112, pathInfo = [], queryString = [], requestBody = <IO ByteString>, vault = <Vault>, requestBodyLength = KnownLength 0, requestHeaderHost = Just "localhost:3009", requestHeaderRange = Nothing}

Note that while the requestHeaderHost field is populated, the Host header itself does not appear in the requestHeaders, in contrast with warp itself which populates both. This harms the situation, for example, when reverse proxying.

@snoyberg

This comment has been minimized.

Show comment
Hide comment
@snoyberg

snoyberg Dec 6, 2015

Member

I'm not actually quite sure what's going on in warp-tls right now, @kazu-yamamoto would this be an easy thing for you to fix?

Member

snoyberg commented Dec 6, 2015

I'm not actually quite sure what's going on in warp-tls right now, @kazu-yamamoto would this be an easy thing for you to fix?

snoyberg added a commit to yesodweb/yesod that referenced this issue Dec 6, 2015

@kazu-yamamoto

This comment has been minimized.

Show comment
Hide comment
@kazu-yamamoto

kazu-yamamoto Dec 7, 2015

Contributor

Probably you cut and pasted a wrong example since it has a Host header.

However, I confirmed that WAI apps don't receive Host headers with WarpTLS. This happens only with github code, not with released code.

Contributor

kazu-yamamoto commented Dec 7, 2015

Probably you cut and pasted a wrong example since it has a Host header.

However, I confirmed that WAI apps don't receive Host headers with WarpTLS. This happens only with github code, not with released code.

@kazu-yamamoto

This comment has been minimized.

Show comment
Hide comment
@kazu-yamamoto

kazu-yamamoto Dec 7, 2015

Contributor

Never mind. This happens even with warp-tls 3.1.4.

Contributor

kazu-yamamoto commented Dec 7, 2015

Never mind. This happens even with warp-tls 3.1.4.

@kazu-yamamoto

This comment has been minimized.

Show comment
Hide comment
@kazu-yamamoto

kazu-yamamoto Dec 7, 2015

Contributor

Fixed.

@snoyberg If your problem has gone away with the commit above, please close this issue.

Contributor

kazu-yamamoto commented Dec 7, 2015

Fixed.

@snoyberg If your problem has gone away with the commit above, please close this issue.

@snoyberg

This comment has been minimized.

Show comment
Hide comment
@snoyberg

snoyberg Dec 7, 2015

Member

Confirmed fixed, thanks!

Member

snoyberg commented Dec 7, 2015

Confirmed fixed, thanks!

@snoyberg snoyberg closed this Dec 7, 2015

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment