Use last X-Forwarded-For header (#367)

This header is non-standard but AWS seems to need this.
Paul Kulchenko 2022-03-14 17:21:15 -07:00 committed by GitHub
parent cfc557f7c7
commit 2a938b3eaa
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 16 additions and 5 deletions


@ -77,6 +77,7 @@ const bool kHttpRepeatable[kHttpHeadersMax] = {
[kHttpVia] = true, [kHttpVia] = true,
[kHttpWarning] = true, [kHttpWarning] = true,
[kHttpWwwAuthenticate] = true, [kHttpWwwAuthenticate] = true,
[kHttpXForwardedFor] = true,
[kHttpAccessControlAllowHeaders] = true, [kHttpAccessControlAllowHeaders] = true,
[kHttpAccessControlAllowMethods] = true, [kHttpAccessControlAllowMethods] = true,
[kHttpAccessControlRequestHeaders] = true, [kHttpAccessControlRequestHeaders] = true,


@ -24,13 +24,13 @@
* *
* This header is used by reverse proxies. For example: * This header is used by reverse proxies. For example:
* *
* X-Forwarded-For: 203.0.113.42:31337 * X-Forwarded-For: 203.0.110.2, 203.0.113.42:31337
* *
* The port is optional and will be set to zero if absent. * The port is optional and will be set to zero if absent.
* *
* @param s is input data * @param s is input data
* @param n if -1 implies strlen * @param n if -1 implies strlen
* @param ip receives ip on success if not NULL * @param ip receives last/right ip on success if not NULL
* @param port receives port on success if not NULL * @param port receives port on success if not NULL
* @return 0 on success or -1 on failure * @return 0 on success or -1 on failure
* @see RFC7239's poorly designed Forwarded header * @see RFC7239's poorly designed Forwarded header
@ -38,10 +38,15 @@
int ParseForwarded(const char *s, size_t n, uint32_t *ip, uint16_t *port) { int ParseForwarded(const char *s, size_t n, uint32_t *ip, uint16_t *port) {
int c, t; int c, t;
size_t i; size_t i;
char *r;
uint32_t x; uint32_t x;
if (n == -1) n = s ? strlen(s) : 0; if (n == -1) n = s ? strlen(s) : 0;
if (n) { if (n) {
t = x = i = 0; t = x = i = 0;
if ((r = strrchr(s, ','))) {
i = r - s;
if ((s[++i] & 255) == ' ') ++i; // skip optional space
}
do { do {
c = s[i++] & 255; c = s[i++] & 255;
if (isdigit(c)) { if (isdigit(c)) {
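Review bot: `strrchr(s, ',')` in the new lookup ignores `n`, so when the caller passes a length-delimited slice (GetRemoteAddr passes HeaderData/HeaderLength, presumably a window into the request buffer) the search runs to the next NUL rather than to the end of the value and can land on a comma in a later header or in the body. `i = r - s` can then exceed `n`, and the `do` body reads `s[i++]` at least once before any bound is tested. A length-bounded search keeps the parse inside the value, e.g. `if ((r = memrchr(s, ',', n))) {`, and the space skip should test `i + 1 < n` before reading `s[++i]` so that a trailing comma does not read past the slice. The loop condition and the rest of ParseForwarded lie outside the hunk, so the exact effect of an out-of-range `i` should be confirmed there.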


@ -574,7 +574,8 @@ FUNCTIONS
Returns client ip4 address and port, e.g. 0x01020304,31337 would Returns client ip4 address and port, e.g. 0x01020304,31337 would
represent 1.2.3.4:31337. This is the same as GetClientAddr except represent 1.2.3.4:31337. This is the same as GetClientAddr except
it will use the ip:port from the X-Forwarded-For header, only if it will use the ip:port from the X-Forwarded-For header, only if
IsPrivateIp or IsLoopbackIp return true. IsPrivateIp or IsLoopbackIp return true. When multiple addresses
are present in the header, the last/right-most address is used.
GetClientAddr() → ip:uint32,port:uint16 GetClientAddr() → ip:uint32,port:uint16
Returns client socket ip4 address and port, e.g. 0x01020304,31337 Returns client socket ip4 address and port, e.g. 0x01020304,31337


@ -822,8 +822,12 @@ static inline void GetRemoteAddr(uint32_t *ip, uint16_t *port) {
GetClientAddr(ip, port); GetClientAddr(ip, port);
if (HasHeader(kHttpXForwardedFor) && if (HasHeader(kHttpXForwardedFor) &&
(IsPrivateIp(*ip) || IsLoopbackIp(*ip))) { (IsPrivateIp(*ip) || IsLoopbackIp(*ip))) {
ParseForwarded(HeaderData(kHttpXForwardedFor), if (ParseForwarded(HeaderData(kHttpXForwardedFor),
HeaderLength(kHttpXForwardedFor), ip, port); HeaderLength(kHttpXForwardedFor),
ip, port) == -1)
WARNF("invalid X-Forwarded-For value: %`'.*s",
HeaderLength(kHttpXForwardedFor),
HeaderData(kHttpXForwardedFor));
} }
} }
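Review bot: The commit marks kHttpXForwardedFor as repeatable in kHttpRepeatable, but this call still parses a single HeaderData/HeaderLength slice. If that slice holds only one occurrence of the header, an address that the proxy adds on a separate X-Forwarded-For line would not be the one chosen. Because the parsed value replaces the socket address whenever the peer is private or loopback, it is worth confirming which occurrence is read and recording it next to the call, for example `// only the first X-Forwarded-For line is parsed; repeated lines are ignored` (wording to be adjusted once confirmed). The multi-line `WARNF` statement under the new `if` would also be safer to maintain with braces around it.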