Closed dmsnell closed 1 year ago
This is great stuff. This and your other PR were finally merged. I made a few small changes, but nothing major, and I added some tests.
One thing I didn't add a test for was the TLS or the X-Forwarded-For header, but I really like your suggestion for it.
Status
I know nothing about what I'm doing here and I didn't test any of this. What I've put together represents a draft idea for supporting a new interface to get the host data out of
simple_bridge
. I've only usedcowboy
and wouldn't say I'm an expert on how it operates or handles thehost
value (though I hope to experiment and test to find out).Would like some review of the general idea and approach. See #79 for a motivating example:
nitrogen_core
crashes when callingwf:url()
on acowboy
TLS server because it doesn't provide ahost
HTTP header. A cursory glance around the web turns up that Golang's standard library lifts thehost
header out of theheaders
and into a request property there as well. some part of Python'srequests
might omit theHost
HTTP header in some cases but I didn't look deep enough to confirm.Description
The
host
value for a given request may depend on multiple values:Host
HTTP headerX-Forwarded-For
HTTP headerHost
property of the request set by the HTTP serverWhen applications rely on getting this value diretly through the HTTP headers they may run into issues with this being undefined or wrong. Possible scenarios may include:
Host
HTTP header:authority
parameter.X-Forwarded-For
HTTP headerIn this patch we're adding a new
host/1
callback so that the underlying implementation can provide a proper value for the request's host, whether or not it's set as an HTTP header, and whether or not a proxy might be providing more accurate information.