Pass Host header to the backend #9
Comments
|
Hi @mklimuk I don't remember any specific reason for not passing Host header. On the other hand, host validation is used if CheckOrigin propery is not set which could be set and customized like this Do you know any specific reason @rjeczalik? |
|
Thanks @cihangir! I know about the CheckOrigin property but I thought it might be a potential security flaw to accept all origins. I'll stick to that for the time being. |
|
What about something like |
|
Sounds good, the only problem I have is that |
Proxies by default (like httputil.ReverseProxy) do not forward Host header. One needs to provide custom Director, that will copy the header from the original request. Relevant: https://groups.google.com/d/msg/golang-nuts/1ZWCqrs_Oiw/v74kHSG1-2cJ |
…eaders Useful in situations where a WebSocket HTTP server that is being proxied to requires custom headers, and also should fix issues like koding#9
@rjeczalik Could you point to where this is in the code? https://golang.org/src/net/http/httputil/reverseproxy.go?s=5114:5189#L159 My read here is that the host will get copied over along with all other headers in the httputil reverse proxy, whereas this code lets the gorilla dialer set the host by default to the proxy target's host. fwiw, i think an alternative fix to the original question might be: wsProxy.Director = func(req *http.Request, out http.Header) {
out.Set("Host", req.Host)
}then the |
The proxy should send the requested Host header up so that CheckOrigin passes correctly on the upstream target's side. Also see: //github.com/koding/websocketproxy/issues/9
|
@rjeczalik I ran into this same issue while trying to proxy a jupyter notebook and submitted a PR to forward the host header explicitly on the upgrade request. Many web apps use the host header for things like CSRF protection, virtual hosting, cookie names, etc., so not setting it explicitly can cause difficult to debug issues when proxying web apps like this. #28 |
Hello,
I'm trying to use the proxy with Gorilla websocket backend but if I understood correctly Gorilla does not like the absence of "Host" header in the proxified request (it verifies that Host == Origin). Is there a reason for not passing "Host" header through the proxy ? If not I'll be glad to prepare a PR.
Cheers,
Michal
The text was updated successfully, but these errors were encountered: