Fix X-Forwarded-Proto always set to "http" for TLS connections

httpConnCtx wraps *tls.Conn behind net.Conn, so Go's http.Server
cannot detect TLS via type assertion and r.TLS is always nil.
SetXForwarded() then always writes X-Forwarded-Proto: http.

Override using the isTLS context flag already set by ConnContext.
rinseaid
2026-05-13 22:38:35 -04:00
parent ae48df97c8
commit 817824bd6f

@@ -315,6 +315,13 @@ func (h *HTTPHandler) getProxy(target HTTPTarget) *httputil.ReverseProxy {
// Director means the proxy does not append its own automatic
// X-Forwarded-For entry, so the header is set exactly once.
pr.SetXForwarded()
// SetXForwarded derives X-Forwarded-Proto from pr.In.TLS,
// which is nil because httpConnCtx wraps *tls.Conn behind
// net.Conn. Override using the context flag set by ConnContext.
if isTLS, _ := pr.In.Context().Value(connTLSKey{}).(bool); isTLS {
pr.Out.Header.Set("X-Forwarded-Proto", "https")
}
},
Transport: transport,
}
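Review bot: The type assertion on the `connTLSKey{}` context value in the `if isTLS, _ := ...` line discards the ok result, so a missing flag or a value stored as a non-bool type falls through silently to the "http" that SetXForwarded wrote, which is the same symptom this commit fixes. Since backends commonly key redirect and secure-cookie decisions off X-Forwarded-Proto, a regression here would be hard to spot. No test is visible in this hunk; consider adding one that sends a request through the TLS listener and asserts the backend receives `X-Forwarded-Proto: https`, plus a plaintext case asserting `http`. It would also help to note in the comment that pr.In.TLS itself stays nil, so any other code reading it still sees a non-TLS request.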