[nginx] HTTP/2: use scheme from original request for pushes (closes #1549).
Ruslan Ermilov
ru at nginx.com
Thu Jun 7 19:01:22 UTC 2018
details: http://hg.nginx.org/nginx/rev/8e6bb4e6045f
branches:
changeset: 7296:8e6bb4e6045f
user: Ruslan Ermilov <ru at nginx.com>
date: Thu Jun 07 20:04:22 2018 +0300
description:
HTTP/2: use scheme from original request for pushes (closes #1549).
Instead of the connection scheme, use scheme from the original request.
This fixes pushes when SSL is terminated by a proxy server in front of
nginx.
diffstat:
src/http/v2/ngx_http_v2.c | 15 ++++++---------
src/http/v2/ngx_http_v2_filter_module.c | 26 ++++++++++++++------------
2 files changed, 20 insertions(+), 21 deletions(-)
diffs (85 lines):
diff -r 89430899c72a -r 8e6bb4e6045f src/http/v2/ngx_http_v2.c
--- a/src/http/v2/ngx_http_v2.c Thu Jun 07 20:01:41 2018 +0300
+++ b/src/http/v2/ngx_http_v2.c Thu Jun 07 20:04:22 2018 +0300
@@ -2616,15 +2616,12 @@ ngx_http_v2_push_stream(ngx_http_v2_stre
r->method_name = ngx_http_core_get_method;
r->method = NGX_HTTP_GET;
-#if (NGX_HTTP_SSL)
- if (fc->ssl) {
- ngx_str_set(&r->schema, "https");
-
- } else
-#endif
- {
- ngx_str_set(&r->schema, "http");
- }
+ r->schema.data = ngx_pstrdup(pool, &parent->request->schema);
+ if (r->schema.data == NULL) {
+ goto close;
+ }
+
+ r->schema.len = parent->request->schema.len;
value.data = ngx_pstrdup(pool, path);
if (value.data == NULL) {
diff -r 89430899c72a -r 8e6bb4e6045f src/http/v2/ngx_http_v2_filter_module.c
--- a/src/http/v2/ngx_http_v2_filter_module.c Thu Jun 07 20:01:41 2018 +0300
+++ b/src/http/v2/ngx_http_v2_filter_module.c Thu Jun 07 20:04:22 2018 +0300
@@ -944,15 +944,15 @@ ngx_http_v2_push_resource(ngx_http_reque
ph = ngx_http_v2_push_headers;
+ len = ngx_max(r->schema.len, path->len);
+
if (binary[0].len) {
- tmp = ngx_palloc(r->pool, path->len);
+ tmp = ngx_palloc(r->pool, len);
if (tmp == NULL) {
return NGX_ERROR;
}
} else {
- len = path->len;
-
for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
h = (ngx_table_elt_t **) ((char *) &r->headers_in + ph[i].offset);
@@ -994,7 +994,7 @@ ngx_http_v2_push_resource(ngx_http_reque
len = (h2c->table_update ? 1 : 0)
+ 1
+ 1 + NGX_HTTP_V2_INT_OCTETS + path->len
- + 1;
+ + 1 + NGX_HTTP_V2_INT_OCTETS + r->schema.len;
for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
len += binary[i].len;
@@ -1025,18 +1025,20 @@ ngx_http_v2_push_resource(ngx_http_reque
*pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
pos = ngx_http_v2_write_value(pos, path->data, path->len, tmp);
-#if (NGX_HTTP_SSL)
- if (fc->ssl) {
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0,
- "http2 push header: \":scheme: https\"");
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
+ "http2 push header: \":scheme: %V\"", &r->schema);
+
+ if (r->schema.len == 5 && ngx_strncmp(r->schema.data, "https", 5) == 0) {
*pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX);
- } else
-#endif
+ } else if (r->schema.len == 4
+ && ngx_strncmp(r->schema.data, "http", 4) == 0)
{
- ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0,
- "http2 push header: \":scheme: http\"");
*pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+
+ } else {
+ *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+ pos = ngx_http_v2_write_value(pos, r->schema.data, r->schema.len, tmp);
}
for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
More information about the nginx-devel
mailing list