added X-Forwarded header before HTTP proxy
This commit is contained in:
parent
df3a818914
commit
47bcdcf2a6
|
@ -275,6 +275,30 @@ module.exports.create = function (deps, conf, greenlockMiddleware) {
|
|||
return false;
|
||||
}
|
||||
|
||||
var index = opts.firstChunk.indexOf('\r\n\r\n');
|
||||
var body = opts.firstChunk.slice(index);
|
||||
|
||||
var head = opts.firstChunk.slice(0, index).toString();
|
||||
var headLines = head.split('\r\n');
|
||||
// First strip any existing `X-Forwarded-*` headers (for security purposes?)
|
||||
headLines = headLines.filter(function (line) {
|
||||
return !/^x-forwarded/i.test(line);
|
||||
});
|
||||
// Then add our own `X-Forwarded` headers at the end.
|
||||
if (conf.http.trustProxy && headers['x-forwarded-proto']) {
|
||||
headLines.push('X-Forwarded-Proto: ' + headers['x-forwarded-proto']);
|
||||
} else {
|
||||
headLines.push('X-Forwarded-Proto: ' + conn.encrypted ? 'https' : 'http');
|
||||
}
|
||||
var proxyChain = (headers['x-forwarded-for'] || '').split(/ *, */).filter(Boolean);
|
||||
proxyChain.push(opts.remoteAddress || opts.address || conn.remoteAddress);
|
||||
headLines.push('X-Forwarded-For: ' + proxyChain.join(', '));
|
||||
headLines.push('X-Forwarded-Host: ' + headers.host);
|
||||
// Then convert all of the head lines back into a header buffer.
|
||||
head = Buffer.from(headLines.join('\r\n'));
|
||||
|
||||
opts.firstChunk = Buffer.concat([head, body]);
|
||||
|
||||
var newConnOpts = separatePort(mod.address);
|
||||
newConnOpts.servername = separatePort(headers.host).host;
|
||||
newConnOpts.data = opts.firstChunk;
|
||||
|
|
Loading…
Reference in New Issue