From b740269f121167c4f93e3a0e155e05422f6e80ff Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Mon, 20 Dec 2010 19:40:57 +0000
Subject: http: update setting of "https" for rack.url_scheme

The first value of X-Forwarded-Proto in rack.url_scheme should
be used as it can be chained.  This header can be set multiple
times via different proxies in the chain, but consider the first
one to be valid.

Additionally, respect X-Forwarded-SSL as it may be passed with
the "on" flag instead of X-Forwarded-Proto.

ref: rack commit 85ca454e6143a3081d90e4546ccad602a4c3ad2e
     and 35bb5ba6746b5d346de9202c004cc926039650c7
---
 test/unit/test_http_parser.rb | 55 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)

(limited to 'test')

diff --git a/test/unit/test_http_parser.rb b/test/unit/test_http_parser.rb
index 31cb2cb..a11740d 100644
--- a/test/unit/test_http_parser.rb
+++ b/test/unit/test_http_parser.rb
@@ -147,6 +147,61 @@ class HttpParserTest < Test::Unit::TestCase
     assert parser.keepalive?
   end
 
+  def test_parse_xfp_https_chained
+    parser = HttpParser.new
+    req = {}
+    tmp = "GET / HTTP/1.0\r\n" \
+          "X-Forwarded-Proto: https,http\r\n\r\n"
+    assert_equal req, parser.headers(req, tmp)
+    assert_equal '443', req['SERVER_PORT'], req.inspect
+    assert_equal 'https', req['rack.url_scheme'], req.inspect
+    assert_equal '', tmp
+  end
+
+  def test_parse_xfp_https_chained_backwards
+    parser = HttpParser.new
+    req = {}
+    tmp = "GET / HTTP/1.0\r\n" \
+          "X-Forwarded-Proto: http,https\r\n\r\n"
+    assert_equal req, parser.headers(req, tmp)
+    assert_equal '80', req['SERVER_PORT'], req.inspect
+    assert_equal 'http', req['rack.url_scheme'], req.inspect
+    assert_equal '', tmp
+  end
+
+  def test_parse_xfp_gopher_is_ignored
+    parser = HttpParser.new
+    req = {}
+    tmp = "GET / HTTP/1.0\r\n" \
+          "X-Forwarded-Proto: gopher\r\n\r\n"
+    assert_equal req, parser.headers(req, tmp)
+    assert_equal '80', req['SERVER_PORT'], req.inspect
+    assert_equal 'http', req['rack.url_scheme'], req.inspect
+    assert_equal '', tmp
+  end
+
+  def test_parse_x_forwarded_ssl_on
+    parser = HttpParser.new
+    req = {}
+    tmp = "GET / HTTP/1.0\r\n" \
+          "X-Forwarded-Ssl: on\r\n\r\n"
+    assert_equal req, parser.headers(req, tmp)
+    assert_equal '443', req['SERVER_PORT'], req.inspect
+    assert_equal 'https', req['rack.url_scheme'], req.inspect
+    assert_equal '', tmp
+  end
+
+  def test_parse_x_forwarded_ssl_off
+    parser = HttpParser.new
+    req = {}
+    tmp = "GET / HTTP/1.0\r\n" \
+          "X-Forwarded-Ssl: off\r\n\r\n"
+    assert_equal req, parser.headers(req, tmp)
+    assert_equal '80', req['SERVER_PORT'], req.inspect
+    assert_equal 'http', req['rack.url_scheme'], req.inspect
+    assert_equal '', tmp
+  end
+
   def test_parse_strange_headers
     parser = HttpParser.new
     req = {}
-- 
cgit v1.2.3-24-ge0c7