aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAlex Auvolat <alex@adnab.me>2022-02-27 19:47:41 +0100
committerAlex Auvolat <alex@adnab.me>2022-02-27 19:47:41 +0100
commitd85ef182691057c96e546d39f8527e2274d3bcef (patch)
treecc98507170b5623aae71147cbe0282b2b3c5cc2e
parentb1ac01f53ec110438e8be8ab7716e9d7b6ebb7fe (diff)
downloadtricot-docker-35.tar.gz
tricot-docker-35.zip
Try to fix cookie issue: concatenate multiple cookie headersdocker-35
-rw-r--r--Dockerfile2
-rw-r--r--src/reverse_proxy.rs38
2 files changed, 23 insertions, 17 deletions
diff --git a/Dockerfile b/Dockerfile
index 41df609..3a6ebe7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM rust:1.57-bullseye as builder
+FROM rust:1.58-buster as builder
RUN apt-get update && \
apt-get install -y libssl-dev pkg-config
diff --git a/src/reverse_proxy.rs b/src/reverse_proxy.rs
index c6e0bac..791b2d5 100644
--- a/src/reverse_proxy.rs
+++ b/src/reverse_proxy.rs
@@ -72,22 +72,34 @@ fn create_proxied_request<B>(
.uri(forward_uri(forward_url, &request)?)
.version(hyper::Version::HTTP_11);
- *builder.headers_mut().unwrap() = remove_hop_headers(request.headers());
+ let headers = builder.headers_mut().unwrap();
+
+ *headers = remove_hop_headers(request.headers());
// If request does not have host header, add it from original URI authority
- if let header::Entry::Vacant(entry) = builder.headers_mut().unwrap().entry(header::HOST) {
+ if let header::Entry::Vacant(entry) = headers.entry(header::HOST) {
if let Some(authority) = request.uri().authority() {
entry.insert(authority.as_str().parse()?);
}
}
+ // Concatenate cookie headers into single header
+ // (HTTP/2 allows several cookie headers, but we are proxying to
+ // HTTP/1.1 that does not)
+ let mut cookie_concat = vec![];
+ while let Some(cookie) = headers.remove(header::COOKIE) {
+ if !cookie_concat.is_empty() {
+ cookie_concat.extend(b"; ");
+ }
+ cookie_concat.extend_from_slice(cookie.as_bytes());
+ }
+ if !cookie_concat.is_empty() {
+ headers.insert(header::COOKIE, cookie_concat.try_into()?);
+ }
+
// Add forwarding information in the headers
let x_forwarded_for_header_name = "x-forwarded-for";
- match builder
- .headers_mut()
- .unwrap()
- .entry(x_forwarded_for_header_name)
- {
+ match headers.entry(x_forwarded_for_header_name) {
header::Entry::Vacant(entry) => {
entry.insert(client_ip.to_string().parse()?);
}
@@ -98,7 +110,7 @@ fn create_proxied_request<B>(
}
}
- builder.headers_mut().unwrap().insert(
+ headers.insert(
HeaderName::from_bytes(b"x-forwarded-proto")?,
"https".try_into()?,
);
@@ -107,14 +119,8 @@ fn create_proxied_request<B>(
if let Some(conn) = request.headers().get(header::CONNECTION) {
if conn.to_str()?.to_lowercase() == "upgrade" {
if let Some(upgrade) = request.headers().get(header::UPGRADE) {
- builder
- .headers_mut()
- .unwrap()
- .insert(header::CONNECTION, "Upgrade".try_into()?);
- builder
- .headers_mut()
- .unwrap()
- .insert(header::UPGRADE, upgrade.clone());
+ headers.insert(header::CONNECTION, "Upgrade".try_into()?);
+ headers.insert(header::UPGRADE, upgrade.clone());
}
}
}