simonoakesepimorphics
commented
6 years ago Closed skwlilac closed 5 years ago
simonoakesepimorphics
commented
6 years ago 
skwlilac
commented
6 years ago A couple more thoughts/comments:
As far as I know, X-Forwarded-Host may carry both the host name and a non-default port number from the original request. It's not clear to me that the host(host) call in the middle of:
To address the problems reported in #207 and #185 please can we add support for the following HTTP protocol request headers:
The
Forwardedheader is a standardised header that covers the functionality of the other two, but all 3 seem to be in use. Note thathostvalues can carry both hostname and port number.A minimum request would be to implement just
X-Forwarded-ProtoIn combination these headers provide a mechanism to pass information about the originating client's request URI through to potentially multiple layers proxies used in the a service implementation. Crucially in the case of ELDA they provide a means to make a distinction between requests that originate using
https:URI orhttp:URI so that ELDA can use the correct scheme in the relevant absolute URI that it generates in responses.The relevant URI in ELDA's case are those that it explicitly generates in the page metadata and during the rendering process were it may add URI for sorted and filtered variants of a page. However, I believe that all the relevant URI are generated from a single 'pageURI' which, afaict, is currently computed by the method
RouterRestlet.makeRequestURI(...).It may also be work checking other code locations that are influenced by
api:basesettings in Elda config files.If any of these headers are present, scheme, host and port, should take precidence over any default in the absence of an
api:baseconfiguration. Ifapi:basehas a relative value, then header supplied scheme, host and prot (such as are supplied) should take precidence (since they will not have been assert in a relativeapi:base). Ifapi:baseis given as an absolute URI (ie. one with a scheme - and I think inevitably a host) then I think it should be respected, though that (along with any of this request) is up for discussion.