diff options
author | Alex Auvolat <alex@adnab.me> | 2022-02-27 19:47:41 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2022-02-27 19:47:41 +0100 |
commit | d85ef182691057c96e546d39f8527e2274d3bcef (patch) | |
tree | cc98507170b5623aae71147cbe0282b2b3c5cc2e | |
parent | b1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe (diff) | |
download | tricot-docker-35.tar.gz tricot-docker-35.zip |
Try to fix cookie issue: concatenate multiple cookie headersdocker-35
-rw-r--r-- | Dockerfile | 2 | ||||
-rw-r--r-- | src/reverse_proxy.rs | 38 |
2 files changed, 23 insertions, 17 deletions
@@ -1,4 +1,4 @@ -FROM rust:1.57-bullseye as builder +FROM rust:1.58-buster as builder RUN apt-get update && \ apt-get install -y libssl-dev pkg-config diff --git a/src/reverse_proxy.rs b/src/reverse_proxy.rs index c6e0bac..791b2d5 100644 --- a/src/reverse_proxy.rs +++ b/src/reverse_proxy.rs @@ -72,22 +72,34 @@ fn create_proxied_request<B>( .uri(forward_uri(forward_url, &request)?) .version(hyper::Version::HTTP_11); - *builder.headers_mut().unwrap() = remove_hop_headers(request.headers()); + let headers = builder.headers_mut().unwrap(); + + *headers = remove_hop_headers(request.headers()); // If request does not have host header, add it from original URI authority - if let header::Entry::Vacant(entry) = builder.headers_mut().unwrap().entry(header::HOST) { + if let header::Entry::Vacant(entry) = headers.entry(header::HOST) { if let Some(authority) = request.uri().authority() { entry.insert(authority.as_str().parse()?); } } + // Concatenate cookie headers into single header + // (HTTP/2 allows several cookie headers, but we are proxying to + // HTTP/1.1 that does not) + let mut cookie_concat = vec![]; + while let Some(cookie) = headers.remove(header::COOKIE) { + if !cookie_concat.is_empty() { + cookie_concat.extend(b"; "); + } + cookie_concat.extend_from_slice(cookie.as_bytes()); + } + if !cookie_concat.is_empty() { + headers.insert(header::COOKIE, cookie_concat.try_into()?); + } + // Add forwarding information in the headers let x_forwarded_for_header_name = "x-forwarded-for"; - match builder - .headers_mut() - .unwrap() - .entry(x_forwarded_for_header_name) - { + match headers.entry(x_forwarded_for_header_name) { header::Entry::Vacant(entry) => { entry.insert(client_ip.to_string().parse()?); } @@ -98,7 +110,7 @@ fn create_proxied_request<B>( } } - builder.headers_mut().unwrap().insert( + headers.insert( HeaderName::from_bytes(b"x-forwarded-proto")?, "https".try_into()?, ); @@ -107,14 +119,8 @@ fn create_proxied_request<B>( if let Some(conn) = request.headers().get(header::CONNECTION) { if conn.to_str()?.to_lowercase() == "upgrade" { if let Some(upgrade) = request.headers().get(header::UPGRADE) { - builder - .headers_mut() - .unwrap() - .insert(header::CONNECTION, "Upgrade".try_into()?); - builder - .headers_mut() - .unwrap() - .insert(header::UPGRADE, upgrade.clone()); + headers.insert(header::CONNECTION, "Upgrade".try_into()?); + headers.insert(header::UPGRADE, upgrade.clone()); } } } |