Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x-forwarded-proto header generates a non standard URL #590

Open
jgrocha opened this issue Jul 7, 2022 · 1 comment
Open

x-forwarded-proto header generates a non standard URL #590

jgrocha opened this issue Jul 7, 2022 · 1 comment

Comments

@jgrocha
Copy link

jgrocha commented Jul 7, 2022

Context

I have MapProxy running behind Apache and my own proxy written in node.

app.use('/', createProxyMiddleware({
  changeOrigin: true,
  secure: false,
  router: (req) => {
    let novo = new URL(req.url.replace(/^\//, ''));
    return novo.origin;
  },
  pathRewrite: (path, req) => {
    let novo = new URL(path.replace(/^\//, ''));
    let res = novo.pathname + novo.search;
    return res;
  },
}));

The proxy adds the header 'x-forwarded-proto': 'https' to the request, which should be ok.

Actual Behavior

Width such 'x-forwarded-proto': 'https' header, the Capabilities gets the URL malformed, as we can see in the example.

<ows:HTTP>
<ows:Get xlink:href="https, https://xxx.ambiente.azores.gov.pt/mapproxy/service?">
<ows:Constraint name="GetEncoding">
<ows:AllowedValues>
<ows:Value>KVP</ows:Value>
</ows:AllowedValues>
</ows:Constraint>
</ows:Get>
</ows:HTTP>

Possible Fix

Since I control the proxy, the work around is to remove the header from the request.

app.use('/', createProxyMiddleware({
  changeOrigin: true,
  secure: false,
  router: (req) => {
    let novo = new URL(req.url.replace(/^\//, ''));
    return novo.origin;
  },
  pathRewrite: (path, req) => {
    delete req.headers['x-forwarded-proto'];

    let novo = new URL(path.replace(/^\//, ''));
    let res = novo.pathname + novo.search;
    return res;
  },
}));

The header should only determine with the usage of http or https, but it changes completely the URL.

Other headers sent

9|proxy  | {
9|proxy  |   host: 'xxx.ambiente.azores.gov.pt',
9|proxy  |   'user-agent': 'Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Firefox/102.0',
9|proxy  |   accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
9|proxy  |   'accept-language': 'pt,pt-BR;q=0.8,en-US;q=0.5,en;q=0.3',
9|proxy  |   'accept-encoding': 'gzip, deflate, br',
9|proxy  |   cookie: '...',
9|proxy  |   'upgrade-insecure-requests': '1',
9|proxy  |   'sec-fetch-dest': 'document',
9|proxy  |   'sec-fetch-mode': 'navigate',
9|proxy  |   'sec-fetch-site': 'none',
9|proxy  |   'sec-fetch-user': '?1',
9|proxy  |   'sec-gpc': '1',
9|proxy  |   pragma: 'no-cache',
9|proxy  |   'cache-control': 'no-cache',
9|proxy  |   'x-forwarded-for': '94.61.164.170',
9|proxy  |   'x-forwarded-proto': 'https',
9|proxy  |   connection: 'Keep-Alive'
9|proxy  | }

Your Environment

  • Version used: Version: 1.15.1.post20220707
  • Environment name and version: Python 3.8.10
  • Operating System and version: Ubuntu 20.04.4 LTS
@jgrocha
Copy link
Author

jgrocha commented Jul 7, 2022

If 'X-Forwarded-Proto': '' the URL generated is <ows:Get xlink:href=", https://xxx.ambiente.azores.gov.pt/mapproxy/service?">.

The value of X-Forwarded-Proto should be tested to make sure it is httpor https only, according to the documentation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jgrocha