Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Pass Host header to the backend #9

Open
mklimuk opened this issue Feb 24, 2017 · 7 comments
Open

Pass Host header to the backend #9

mklimuk opened this issue Feb 24, 2017 · 7 comments

Comments

@mklimuk
Copy link

mklimuk commented Feb 24, 2017

Hello,

I'm trying to use the proxy with Gorilla websocket backend but if I understood correctly Gorilla does not like the absence of "Host" header in the proxified request (it verifies that Host == Origin). Is there a reason for not passing "Host" header through the proxy ? If not I'll be glad to prepare a PR.

Cheers,
Michal
@cihangir
Copy link
Contributor

Hi @mklimuk

I don't remember any specific reason for not passing Host header.

On the other hand, host validation is used if CheckOrigin propery is not set which could be set and customized like this

Do you know any specific reason @rjeczalik?

@mklimuk
Copy link
Author

mklimuk commented Feb 24, 2017

Thanks @cihangir! I know about the CheckOrigin property but I thought it might be a potential security flaw to accept all origins. I'll stick to that for the time being.

@cihangir
Copy link
Contributor

What about something like

CheckOrigin: func(r *http.Request) bool {
    return isIn(r.Header.Get("Origin"), myAllowedDomains)
},

@mklimuk
Copy link
Author

mklimuk commented Feb 24, 2017

Sounds good, the only problem I have is that myAlowedDomains in my case are not known in advance (it is an on-premise software). I'll figure out a correct rule though, thanks!

@rjeczalik
Copy link
Member

rjeczalik commented Feb 24, 2017
edited

Do you know any specific reason @rjeczalik?

Proxies by default (like httputil.ReverseProxy) do not forward Host header. One needs to provide custom Director, that will copy the header from the original request.

Relevant: https://groups.google.com/d/msg/golang-nuts/1ZWCqrs_Oiw/v74kHSG1-2cJ

slimsag added a commit to slimsag/websocketproxy that referenced this issue Mar 28, 2017
@slimsag
Add WebsocketProxy.Director optional function to forward additional h…
88a0ae4 
…eaders

Useful in situations where a WebSocket HTTP server that is being proxied to
requires custom headers, and also should fix issues like koding#9
@slimsag slimsag mentioned this issue Mar 28, 2017
Merged
@stephen
Copy link

stephen commented Oct 28, 2018
edited

Proxies by default (like httputil.ReverseProxy) do not forward Host header. One needs to provide custom Director, that will copy the header from the original request.

@rjeczalik Could you point to where this is in the code? https://golang.org/src/net/http/httputil/reverseproxy.go?s=5114:5189#L159

My read here is that the host will get copied over along with all other headers in the httputil reverse proxy, whereas this code lets the gorilla dialer set the host by default to the proxy target's host.

fwiw, i think an alternative fix to the original question might be:

wsProxy.Director = func(req *http.Request, out http.Header) {
  out.Set("Host", req.Host)
}

then the CheckOrigin should be happy by the time it gets to the upgrader.

stephen added a commit to samsarahq/oauth2_proxy that referenced this issue Oct 28, 2018
@stephen
oauthproxy: forward Host header explicitly
76867e5 
The proxy should send the requested Host header up so that
CheckOrigin passes correctly on the upstream target's side.

Also see: //github.com/koding/websocketproxy/issues/9
@stephen stephen mentioned this issue Oct 29, 2018
Merged
@wbutler1331
Copy link

wbutler1331 commented Dec 20, 2018
edited

@rjeczalik I ran into this same issue while trying to proxy a jupyter notebook and submitted a PR to forward the host header explicitly on the upgrade request. Many web apps use the host header for things like CSRF protection, virtual hosting, cookie names, etc., so not setting it explicitly can cause difficult to debug issues when proxying web apps like this. #28

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@mklimuk @cihangir @rjeczalik @stephen @wbutler1331