From: Eric Wong <normalperson@yhbt.net>
To: unicorn-public@bogomips.org
Subject: [PUSHED] http: remove xftrust options
Date: Thu, 29 May 2014 20:19:05 +0000 [thread overview]
Message-ID: <20140529201905.GA5244@dcvr.yhbt.net> (raw)
Just pushed out the dev5 branch to git://bogomips.org/unicorn
* GIT-VERSION-GEN: start 5.0.0 development
* http: remove xftrust options
"http: remove xftrust options" deserves some looking at
http://bogomips.org/unicorn.git/patch?id=5bd61b57d63ae86
Particularly the comment added:
--------------------------------------------
Subject: [PATCH] http: remove xftrust options
This has long been considered a mistake and not documented for very
long.
I considered removing X-Forwarded-Proto and X-Forwarded-SSL
handling, too, so rack.url_scheme is always "http", but that might
lead to compatibility issues in rare apps if Rack::Request#scheme is
not used.
---
diff --git a/ext/unicorn_http/unicorn_http.rl b/ext/unicorn_http/unicorn_http.rl
--- a/ext/unicorn_http/unicorn_http.rl
+++ b/ext/unicorn_http/unicorn_http.rl
@@ -491,26 +460,29 @@ static void set_url_scheme(VALUE env, VALUE *server_port)
VALUE scheme = rb_hash_aref(env, g_rack_url_scheme);
if (NIL_P(scheme)) {
- if (trust_x_forward == Qfalse) {
- scheme = g_http;
+ /*
+ * would anybody be horribly opposed to removing the X-Forwarded-SSL
+ * and X-Forwarded-Proto handling from this parser? We've had it
+ * forever and nobody has said anything against it, either.
+ * Anyways, please send comments to our public mailing list:
+ * unicorn-public@bogomips.org (no HTML mail, no subscription necessary)
+ */
+ scheme = rb_hash_aref(env, g_http_x_forwarded_ssl);
+ if (!NIL_P(scheme) && STR_CSTR_EQ(scheme, "on")) {
+ *server_port = g_port_443;
+ scheme = g_https;
} else {
- scheme = rb_hash_aref(env, g_http_x_forwarded_ssl);
- if (!NIL_P(scheme) && STR_CSTR_EQ(scheme, "on")) {
- *server_port = g_port_443;
- scheme = g_https;
+ scheme = rb_hash_aref(env, g_http_x_forwarded_proto);
+ if (NIL_P(scheme)) {
+ scheme = g_http;
} else {
- scheme = rb_hash_aref(env, g_http_x_forwarded_proto);
- if (NIL_P(scheme)) {
- scheme = g_http;
+ long len = RSTRING_LEN(scheme);
+ if (len >= 5 && !memcmp(RSTRING_PTR(scheme), "https", 5)) {
+ if (len != 5)
+ scheme = g_https;
+ *server_port = g_port_443;
} else {
- long len = RSTRING_LEN(scheme);
- if (len >= 5 && !memcmp(RSTRING_PTR(scheme), "https", 5)) {
- if (len != 5)
- scheme = g_https;
- *server_port = g_port_443;
- } else {
- scheme = g_http;
- }
+ scheme = g_http;
}
}
}
reply other threads:[~2014-05-29 20:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://yhbt.net/unicorn/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140529201905.GA5244@dcvr.yhbt.net \
--to=normalperson@yhbt.net \
--cc=unicorn-public@bogomips.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhbt.net/unicorn.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).