tatsuhiro-t / spdylay

The experimental SPDY protocol version 2, 3 and 3.1 implementation in C
http://tatsuhiro-t.github.io/spdylay/
MIT License
602 stars 103 forks source link

X-Forwarded-Proto leads to redirection loops #121

Closed wzyboy closed 10 years ago

wzyboy commented 10 years ago

It seems that, since commit https://github.com/tatsuhiro-t/spdylay/commit/0da1835f1308c3a9601ff59ac5d64d8144eafab9 , shrpx adds an X-Forwarded-Proto header to the request, and this leads to redirection loops on some websites.

One of these websites is 500px.com.

Let's try this:

curl -v http://500px.com/ -H X-Forwarded-Proto:https

We can see 500px.com "thinks" we are trying to visit an https version of its website, and will redirect us to http://500px.com/, but we are already there. Thus, a redirection loop occured. Chrome calls this ERR_TOO_MANY_REDIRECTS.

Could there be an option (add-x-forwarded-proto=no) to turn off this Header? Just like add-x-forwarded-for=no turns off X-Forwarded-For Header.

tatsuhiro-t commented 10 years ago

Thank you for reporting this issue. I think x-forwarded-proto should not be sent if shrpx is configured as forward proxy (-s or -p). I think you are using shrpx as SPDY proxy. I'll add some conditional not to send this header if -s or -p is used.

wzyboy commented 10 years ago

Yes. I am using running shrpx on my server with spdy-proxy=yes with a squid backend and configure my Google Chrome to use that server as a proxy.

Thanks for your great work!

tatsuhiro-t commented 10 years ago

Fix committed via a1df9a7 Could you verify that it works?

wzyboy commented 10 years ago

Yes it does! I can now visit 500px.com without ERR_TOO_MANY_REDIRECTS errors. Thanks.