bumptech
Support the addition of a custom header to the client request
stud should support the addition of custom headers to the request, so that the backend server have a trusted way to determine whether the request has actually passed through stud or not.
For instance, I'd add a secret key as a value to a custom header in the stud configuration.
X-Secure-Conn-Key: 1234567890
Then, in the backend server I'd check for the existence of my secret header and key and in turn notify the application that the client has connected over a secure channel.
Eg, in apache, the header could be checked and, if the key matched, the variable HTTPS would be set to on (most web applications use such a variable to determine if the client connection was secure):
SetEnvIf X-Secure-Conn-Key 1234567890 HTTPS=on
I think it would be a useful feature.
PS: My use case is stud<->varnish<->apache<->fastcgi_app
If you trust the host where stud is running, you may be able to add the secure key in varnish, by checking the source of the request:
sub vcl_recv { if (client.ip ~ stud_hosts ) { set req.http.x-secure-conn-key = "1234567890 https=on"; } else { set req.http.x-secure-conn-key = "1234567890 https=off"; } }
