search

trunk-rs / trunk

Build, bundle & ship your Rust WASM application to the web.
https://trunkrs.dev/
Apache License 2.0
3.45k stars 250 forks source link

Host header from request is included in proxied requests #879

Open fiadliel opened 4 days ago

fiadliel commented 4 days ago

During the work to add custom headers when proxying, I think a regression occurred: the host header from the request is passed through to the backend if no custom header value is set. In many cases, this will result in the target service rejecting the request.

At https://github.com/trunk-rs/trunk/blob/91ea5636d51489c410c5891983d7b4b10fde3b4b/src/proxy.rs#L173 there is a check for if the HOST header is set. However, this is an amalgamation of both request headers and added headers at this point, so it is generally true.

Ideally, the authority of the upstream would be used in the default case where there is no custom header for HOST.

ctron commented 4 days ago

Hm, looks strange indeed. I think the host header should be the provided/configured value, or the backend value (in that order). But never the request value. Right?

Could you come up with a PR?