You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Konrad Windszus (JIRA)" <ji...@apache.org> on 2016/08/01 10:25:21 UTC
[jira] [Commented] (FELIX-4923) SslFilterResponse doesn 't take in
account ssl-forward.header property
[ https://issues.apache.org/jira/browse/FELIX-4923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15401800#comment-15401800 ]
Konrad Windszus commented on FELIX-4923:
----------------------------------------
[~asanso] Even in your patch you making some assumptions about the header name and value. Is the comparison
{code}
if (cfg.sslValue.equalsIgnoreCase(httpReq.getHeader(cfg.sslHeader))) not enough here?
{code}
In case we really want to distinguish between the 3 cases:
1) HTTPS terminated at proxy in front, Felix accessed through HTTP
2) HTTP terminated at proxy in front, Felix accessed through HTTPS
3) Felix directly accessed through HTTP or HTTPS
we need to extend the OSGi configuration with a value for use case 2) as well.
> SslFilterResponse doesn 't take in account ssl-forward.header property
> ----------------------------------------------------------------------
>
> Key: FELIX-4923
> URL: https://issues.apache.org/jira/browse/FELIX-4923
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Reporter: Antonio Sanso
> Priority: Minor
> Attachments: FELIX-4923-patch.txt, FELIX-4923-patch.txt
>
>
> {{SslFilterResponse}} doesn 't take in account {{ssl-forward}}.header property.
> Indeed the {{SslFilterResponse}} constructor hardcodes {{HDR_X_FORWARDED_PROTO}}.
> {code}
> ...
> request.getHeader(HDR_X_FORWARDED_PROTO);
> ...
> {code}
> the {{ssl-forward}} osgin configuration should be taken in account IMHO. The default is even different than {{HDR_X_FORWARDED_PROTO}} indeed is rather {{X-Forwarded-SSL}}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)