It is a common practice to host a web application behind a load balancer or reverse proxy. This by itself is not a problem for Athena. However it does allow a way for that extra metadata to be exposed. However, even if it was directly, they would lose the correct values since they'd be based on the reverse proxy/load balance and not the client's original request.
This PR introduces some additional ATH::Request methods to expose this extra metadata, as well as a means of handling the forwarded and/or x-forwarded-* headers that the proxy would forward to Athena. These will be used to ensure generated URLs in HTTP contexts are generated correctly, taking the proxy servers into account.
This feature is opt-in, and requires the IP addresses/ranges of the proxies that should be trusted to be configured explicitly.
Context
Certain request metadata, such as the scheme or if the request is secure are not currently available off the
HTTP::Request
. See https://github.com/crystal-lang/crystal/issues/5784, https://github.com/crystal-lang/crystal/issues/7096, and https://github.com/crystal-lang/crystal/issues/10246 for more details.It is a common practice to host a web application behind a load balancer or reverse proxy. This by itself is not a problem for Athena. However it does allow a way for that extra metadata to be exposed. However, even if it was directly, they would lose the correct values since they'd be based on the reverse proxy/load balance and not the client's original request.
This PR introduces some additional
ATH::Request
methods to expose this extra metadata, as well as a means of handling theforwarded
and/orx-forwarded-*
headers that the proxy would forward to Athena. These will be used to ensure generated URLs in HTTP contexts are generated correctly, taking the proxy servers into account.This feature is opt-in, and requires the IP addresses/ranges of the proxies that should be trusted to be configured explicitly.
Changelog
.unquote
,.split
, and.combine
methods toATH::HeaderUtils
ATH::IPUtils
#host
,#port
,#scheme
,#secure?
, and#from_trusted_proxy?
toATH::Request