* [PUSHED] http: remove xftrust options
@ 2014-05-29 20:19 Eric Wong
0 siblings, 0 replies; only message in thread
From: Eric Wong @ 2014-05-29 20:19 UTC (permalink / raw)
To: unicorn-public
Just pushed out the dev5 branch to git://bogomips.org/unicorn
* GIT-VERSION-GEN: start 5.0.0 development
* http: remove xftrust options
"http: remove xftrust options" deserves some looking at
http://bogomips.org/unicorn.git/patch?id=5bd61b57d63ae86
Particularly the comment added:
--------------------------------------------
Subject: [PATCH] http: remove xftrust options
This has long been considered a mistake and not documented for very
long.
I considered removing X-Forwarded-Proto and X-Forwarded-SSL
handling, too, so rack.url_scheme is always "http", but that might
lead to compatibility issues in rare apps if Rack::Request#scheme is
not used.
---
diff --git a/ext/unicorn_http/unicorn_http.rl b/ext/unicorn_http/unicorn_http.rl
--- a/ext/unicorn_http/unicorn_http.rl
+++ b/ext/unicorn_http/unicorn_http.rl
@@ -491,26 +460,29 @@ static void set_url_scheme(VALUE env, VALUE *server_port)
VALUE scheme = rb_hash_aref(env, g_rack_url_scheme);
if (NIL_P(scheme)) {
- if (trust_x_forward == Qfalse) {
- scheme = g_http;
+ /*
+ * would anybody be horribly opposed to removing the X-Forwarded-SSL
+ * and X-Forwarded-Proto handling from this parser? We've had it
+ * forever and nobody has said anything against it, either.
+ * Anyways, please send comments to our public mailing list:
+ * unicorn-public@bogomips.org (no HTML mail, no subscription necessary)
+ */
+ scheme = rb_hash_aref(env, g_http_x_forwarded_ssl);
+ if (!NIL_P(scheme) && STR_CSTR_EQ(scheme, "on")) {
+ *server_port = g_port_443;
+ scheme = g_https;
} else {
- scheme = rb_hash_aref(env, g_http_x_forwarded_ssl);
- if (!NIL_P(scheme) && STR_CSTR_EQ(scheme, "on")) {
- *server_port = g_port_443;
- scheme = g_https;
+ scheme = rb_hash_aref(env, g_http_x_forwarded_proto);
+ if (NIL_P(scheme)) {
+ scheme = g_http;
} else {
- scheme = rb_hash_aref(env, g_http_x_forwarded_proto);
- if (NIL_P(scheme)) {
- scheme = g_http;
+ long len = RSTRING_LEN(scheme);
+ if (len >= 5 && !memcmp(RSTRING_PTR(scheme), "https", 5)) {
+ if (len != 5)
+ scheme = g_https;
+ *server_port = g_port_443;
} else {
- long len = RSTRING_LEN(scheme);
- if (len >= 5 && !memcmp(RSTRING_PTR(scheme), "https", 5)) {
- if (len != 5)
- scheme = g_https;
- *server_port = g_port_443;
- } else {
- scheme = g_http;
- }
+ scheme = g_http;
}
}
}
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2014-05-29 20:19 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-05-29 20:19 [PUSHED] http: remove xftrust options Eric Wong
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).