diff options
author | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2020-01-28 17:48:10 +0300 |
---|---|---|
committer | Grzegorz Bizon <grzesiek.bizon@gmail.com> | 2020-01-28 17:48:10 +0300 |
commit | 5624b616b1aff4fd027607e37ca989817459126c (patch) | |
tree | f10e0ca3358868c957a910f1746ac157f0422712 /internal | |
parent | 0509d6b4aa276d0a61592f5ad9d464f13c8e458f (diff) |
Add X-Forwarded headers to serverless proxy
Diffstat (limited to 'internal')
-rw-r--r-- | internal/serving/serverless/director.go | 5 | ||||
-rw-r--r-- | internal/serving/serverless/serverless_test.go | 3 |
2 files changed, 7 insertions, 1 deletions
diff --git a/internal/serving/serverless/director.go b/internal/serving/serverless/director.go index 83d792c3..0d046af9 100644 --- a/internal/serving/serverless/director.go +++ b/internal/serving/serverless/director.go @@ -3,6 +3,8 @@ package serverless import ( "net/http" "strings" + + "github.com/tomasen/realip" ) // NewDirectorFunc returns a director function capable of configuring a proxy @@ -13,6 +15,7 @@ func NewDirectorFunc(cluster Cluster) func(*http.Request) { request.URL.Host = strings.Join([]string{cluster.Address, cluster.Port}, ":") request.URL.Scheme = "https" request.Header.Set("User-Agent", "GitLab Pages Daemon") - request.Header.Set("X-Forwarded-For", "123") // TODO + request.Header.Set("X-Forwarded-For", realip.FromRequest(request)) + request.Header.Set("X-Forwarded-Proto", "https") } } diff --git a/internal/serving/serverless/serverless_test.go b/internal/serving/serverless/serverless_test.go index 169f3de5..fc604608 100644 --- a/internal/serving/serverless/serverless_test.go +++ b/internal/serving/serverless/serverless_test.go @@ -20,6 +20,8 @@ func TestServeFileHTTP(t *testing.T) { cluster := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { assert.Equal(t, "GitLab Pages Daemon", r.Header.Get("User-Agent")) + assert.Equal(t, "https", r.Header.Get("X-Forwarded-Proto")) + assert.Contains(t, r.Header.Get("X-Forwarded-For"), "127.0.0.123") })) cluster.TLS = &tls.Config{ @@ -43,6 +45,7 @@ func TestServeFileHTTP(t *testing.T) { t.Run("when proxying simple request to a cluster", func(t *testing.T) { writer := httptest.NewRecorder() request := httptest.NewRequest("GET", "http://example.gitlab.com", nil) + request.Header.Set("X-Real-IP", "127.0.0.123") handler := serving.Handler{Writer: writer, Request: request} assert.True(t, serverless.ServeFileHTTP(handler)) |