1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
From 089df0727ffab1b3b69f2e6da40597c52e346013 Mon Sep 17 00:00:00 2001
From: Evan Phoenix <evan@phx.io>
Date: Tue, 19 May 2020 15:20:10 -0700
Subject: [PATCH] Reduce ambiguity of headers
---
ext/puma_http11/http11_parser.c | 4 +++-
ext/puma_http11/http11_parser.rl | 4 +++-
lib/puma/server.rb | 31 +++++++++++++++++++++++++++++++
3 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/ext/puma_http11/http11_parser.c b/ext/puma_http11/http11_parser.c
index 453f8cd40..e8844a37e 100644
--- a/ext/puma_http11/http11_parser.c
+++ b/ext/puma_http11/http11_parser.c
@@ -14,12 +14,14 @@
/*
* capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
*/
static void snake_upcase_char(char *c)
{
if (*c >= 'a' && *c <= 'z')
*c &= ~0x20;
+ else if (*c == '_')
+ *c = ',';
else if (*c == '-')
*c = '_';
}
diff --git a/ext/puma_http11/http11_parser.rl b/ext/puma_http11/http11_parser.rl
index 880c1d40b..62452ba7c 100644
--- a/ext/puma_http11/http11_parser.rl
+++ b/ext/puma_http11/http11_parser.rl
@@ -12,12 +12,14 @@
/*
* capitalizes all lower-case ASCII characters,
- * converts dashes to underscores.
+ * converts dashes to underscores, and underscores to commas.
*/
static void snake_upcase_char(char *c)
{
if (*c >= 'a' && *c <= 'z')
*c &= ~0x20;
+ else if (*c == '_')
+ *c = ',';
else if (*c == '-')
*c = '_';
}
diff --git a/lib/puma/server.rb b/lib/puma/server.rb
index d870b383f..5b2cd94df 100644
--- a/lib/puma/server.rb
+++ b/lib/puma/server.rb
@@ -665,6 +665,37 @@ def handle_request(req, lines)
}
end
+ # Fixup any headers with , in the name to have _ now. We emit
+ # headers with , in them during the parse phase to avoid ambiguity
+ # with the - to _ conversion for critical headers. But here for
+ # compatibility, we'll convert them back. This code is written to
+ # avoid allocation in the common case (ie there are no headers
+ # with , in their names), that's why it has the extra conditionals.
+
+ to_delete = nil
+ to_add = nil
+
+ env.each do |k,v|
+ if k.start_with?("HTTP_") and k.include?(",") and k != "HTTP_TRANSFER,ENCODING"
+ if to_delete
+ to_delete << k
+ else
+ to_delete = [k]
+ end
+
+ unless to_add
+ to_add = {}
+ end
+
+ to_add[k.gsub(",", "_")] = v
+ end
+ end
+
+ if to_delete
+ to_delete.each { |k| env.delete(k) }
+ env.merge! to_add
+ end
+
# A rack extension. If the app writes #call'ables to this
# array, we will invoke them when the request is done.
#
From 0a3c09a0603857f088571d0eb69e0b9adee0fed1 Mon Sep 17 00:00:00 2001
From: Evan Phoenix <evan@phx.io>
Date: Tue, 19 May 2020 15:34:06 -0700
Subject: [PATCH] Adjust test to match real world value
---
test/test_puma_server.rb | 1 +
1 file changed, 1 insertion(+)
diff --git a/test/test_puma_server.rb b/test/test_puma_server.rb
index 9d40cd5f3..375eca399 100644
--- a/test/test_puma_server.rb
+++ b/test/test_puma_server.rb
@@ -137,6 +137,7 @@ def test_default_server_port
req = Net::HTTP::Get.new("/")
req['HOST'] = "example.com"
+ req['X-FORWARDED-PROTO'] = "https,http"
res = Net::HTTP.start @host, @server.connected_port do |http|
http.request(req)
|
GitWeb