fix: use X-Forwarded-Host first on app.proxy present (#1263)
This commit is contained in:
fengmk2
Yiyu He
parent
e01cc5a1cf
commit
4964242834
2 changed files with 29 additions and 4 deletions
|
|
@ -252,8 +252,10 @@ module.exports = {
|
||||||
get host() {
|
get host() {
|
||||||
const proxy = this.app.proxy;
|
const proxy = this.app.proxy;
|
||||||
let host = proxy && this.get('X-Forwarded-Host');
|
let host = proxy && this.get('X-Forwarded-Host');
|
||||||
|
if (!host) {
|
||||||
if (this.req.httpVersionMajor >= 2) host = this.get(':authority');
|
if (this.req.httpVersionMajor >= 2) host = this.get(':authority');
|
||||||
host = host || this.get('Host');
|
if (!host) host = this.get('Host');
|
||||||
|
}
|
||||||
if (!host) return '';
|
if (!host) return '';
|
||||||
return host.split(/\s*,\s*/)[0];
|
return host.split(/\s*,\s*/)[0];
|
||||||
},
|
},
|
||||||
|
|
|
||||||
|
|
@ -53,22 +53,45 @@ describe('req.host', () => {
|
||||||
|
|
||||||
describe('when X-Forwarded-Host is present', () => {
|
describe('when X-Forwarded-Host is present', () => {
|
||||||
describe('and proxy is not trusted', () => {
|
describe('and proxy is not trusted', () => {
|
||||||
it('should be ignored', () => {
|
it('should be ignored on HTTP/1', () => {
|
||||||
const req = request();
|
const req = request();
|
||||||
req.header['x-forwarded-host'] = 'bar.com';
|
req.header['x-forwarded-host'] = 'bar.com';
|
||||||
req.header.host = 'foo.com';
|
req.header.host = 'foo.com';
|
||||||
assert.equal(req.host, 'foo.com');
|
assert.equal(req.host, 'foo.com');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should be ignored on HTTP/2', () => {
|
||||||
|
const req = request({
|
||||||
|
'httpVersionMajor': 2,
|
||||||
|
'httpVersion': '2.0'
|
||||||
|
});
|
||||||
|
req.header['x-forwarded-host'] = 'proxy.com:8080';
|
||||||
|
req.header[':authority'] = 'foo.com:3000';
|
||||||
|
req.header.host = 'bar.com:8000';
|
||||||
|
assert.equal(req.host, 'foo.com:3000');
|
||||||
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('and proxy is trusted', () => {
|
describe('and proxy is trusted', () => {
|
||||||
it('should be used', () => {
|
it('should be used on HTTP/1', () => {
|
||||||
const req = request();
|
const req = request();
|
||||||
req.app.proxy = true;
|
req.app.proxy = true;
|
||||||
req.header['x-forwarded-host'] = 'bar.com, baz.com';
|
req.header['x-forwarded-host'] = 'bar.com, baz.com';
|
||||||
req.header.host = 'foo.com';
|
req.header.host = 'foo.com';
|
||||||
assert.equal(req.host, 'bar.com');
|
assert.equal(req.host, 'bar.com');
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should be used on HTTP/2', () => {
|
||||||
|
const req = request({
|
||||||
|
'httpVersionMajor': 2,
|
||||||
|
'httpVersion': '2.0'
|
||||||
|
});
|
||||||
|
req.app.proxy = true;
|
||||||
|
req.header['x-forwarded-host'] = 'proxy.com:8080';
|
||||||
|
req.header[':authority'] = 'foo.com:3000';
|
||||||
|
req.header.host = 'bar.com:8000';
|
||||||
|
assert.equal(req.host, 'proxy.com:8080');
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue