devd icon indicating copy to clipboard operation
devd copied to clipboard
verified publisher icon cortesi

question: Is X-Forwarded-Proto set correctly?

Open joncfoo opened this issue 7 years ago • 2 comments

I'm invoking devd with the command below and accessing my application over https://devd.io/. I noticed in my application that X-Forwarded-Proto = http - shouldn't it be https since I am forwarding /=https://127.0.0.1:3000/ ?

devd --port=443 \
	--cert=_certs/devd.io/bundle.pem \
	/=https://127.0.0.1:3000

Changing the following line in reverseproxy.go to req.Header.Set("X-Forwarded-Proto", target.Scheme) results in X-Forwarded-Proto being set to https (it works for my use-case but I'm not sure if this is the right fix?).

https://github.com/cortesi/devd/blob/93164c9b170e00b808d34f54ff109d91b3e4d18b/reverseproxy/reverseproxy.go#L80

joncfoo avatar Jul 26 '18 15:07 joncfoo

Hi, this sounds like what was fix in https://github.com/cortesi/devd/pull/83 ?

wader avatar Aug 03 '18 23:08 wader

I tracked down a bug with X-Forwarded-Proto.

When using "--cert" X-Forwarded-Proto gets set to "http" (should be "https")

Steps to reproduce:

  1. start web server to show X-Forwarded-Proto header
  2. start devd with --cert="SomeCustomCert"
  3. make request to devd
# start web server in one terminal (netcat will do in a pinch)
nc -l 9000

# start devd in another terminal 
# just use ~/.devd.cert which should be there if you have ever started devd with --tls
devd --cert=${HOME}/.devd.cert http://localhost:9000

# Make request
curl -k https://devd.io:8000

Then inspect the output from netcat. ( ctrl+C to quit netcat)

Note: the "--tls" flag sets X-Forwarded-Proto correctly.

lancerushing avatar Jan 07 '21 07:01 lancerushing