[PATCH] Support X-Forwarded-Proto in redirects

Maxim Dounin mdounin at mdounin.ru
Mon Mar 19 20:09:04 UTC 2018


Hello!

On Mon, Mar 19, 2018 at 08:53:46PM +0100, Lukas Vacek wrote:

> # HG changeset patch
> # User Lukas Vacek <lucas.vacek at gmail.com>
> # Date 1521488415 -3600
> #      Mon Mar 19 20:40:15 2018 +0100
> # Node ID 0f9ed8bb5c9505f7a77271eed54e7b01b9b65a81
> # Parent  413189f03c8d13d0d20bd5e44fa0e48e693badef
> Support X-Forwarded-Proto in redirects
> 
> This patch adds a new configuration option x_forwarded_proto_in_redirect
> (default off) to fill schema from X-Forwarded-Proto HTTP header in
> URLs generated by nginx.
> 
> This is handy when running nginx behind SSL off-loading reverse proxy.

Try "absolute_redirect off" instead, see 
http://nginx.org/r/absolute_redirect for details.

[...]

> +        if (clcf->x_forwarded_proto_in_redirect) {
> +            part = &r->headers_in.headers.part;
> +            header = part->elts;
> +
> +            for (i = 0; /* void */; i++) {
> +                if (i >= part->nelts) {
> +                    if (part->next == NULL) {
> +                        break;
> +                    }
> +
> +                    part = part->next;
> +                    header = part->elts;
> +                    i = 0;
> +                }
> +
> +                if (ngx_strcasecmp(header[i].key.data,
> +                        (u_char *)"X-Forwarded-Proto") == 0) {
> +                    proto = header[i].value;
> +                    break;
> +                }
> +            }
> +        }

Just a side note: full scan of all headers is certainly not 
something that should be used for such tasks.  Instead, a field 
for a header should be added to r->headers_in, and an entry should 
be added to the ngx_http_headers_in array.  With such approach it 
is possible to test / access interesting headers immediately in 
the code, with minimal overhead.

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx-devel mailing list