From 1f5bac15cd8e4393c6da98eb7bb4532133dc6259 Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Tue, 21 Dec 2010 01:28:23 +0000
Subject: http: hook up "trust_x_forwarded" to configurator

More config bloat, sadly this is necessary for Rainbows! :<
---
 lib/unicorn/configurator.rb | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'lib/unicorn/configurator.rb')

diff --git a/lib/unicorn/configurator.rb b/lib/unicorn/configurator.rb
index d522c54..2415dda 100644
--- a/lib/unicorn/configurator.rb
+++ b/lib/unicorn/configurator.rb
@@ -42,6 +42,7 @@ class Unicorn::Configurator
     :preload_app => false,
     :rewindable_input => true, # for Rack 2.x: (Rack::VERSION[0] <= 1),
     :client_body_buffer_size => Unicorn::Const::MAX_BODY,
+    :trust_x_forwarded => true,
   }
   #:startdoc:
 
@@ -448,6 +449,14 @@ class Unicorn::Configurator
     set[:user] = [ user, group ]
   end
 
+  # Sets whether or not the parser will trust X-Forwarded-Proto and
+  # X-Forwarded-SSL headers and set "rack.url_scheme" to "https" accordingly.
+  # Rainbows!/Zbatery installations facing untrusted clients directly
+  # should set this to +false+.  This is +true+ by default.
+  def trust_x_forwarded(bool)
+    set_bool(:trust_x_forwarded, bool)
+  end
+
   # expands "unix:path/to/foo" to a socket relative to the current path
   # expands pathnames of sockets if relative to "~" or "~username"
   # expands "*:port and ":port" to "0.0.0.0:port"
-- 
cgit v1.2.3-24-ge0c7