lib/rack/request.rb in rack-2.0.5 vs lib/rack/request.rb in rack-2.0.6
- old
+ new
@@ -9,10 +9,12 @@
# req = Rack::Request.new(env)
# req.post?
# req.params["data"]
class Request
+ SCHEME_WHITELIST = %w(https http).freeze
+
def initialize(env)
@params = nil
super(env)
end
@@ -186,14 +188,12 @@
def scheme
if get_header(HTTPS) == 'on'
'https'
elsif get_header(HTTP_X_FORWARDED_SSL) == 'on'
'https'
- elsif get_header(HTTP_X_FORWARDED_SCHEME)
- get_header(HTTP_X_FORWARDED_SCHEME)
- elsif get_header(HTTP_X_FORWARDED_PROTO)
- get_header(HTTP_X_FORWARDED_PROTO).split(',')[0]
+ elsif forwarded_scheme
+ forwarded_scheme
else
get_header(RACK_URL_SCHEME)
end
end
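Review bot: The new `elsif forwarded_scheme` branch evaluates `forwarded_scheme` twice, which re-reads both forwarded headers and re-splits the proto value on every call of `scheme`; assigning once reads better and keeps the two evaluations from diverging, e.g. `elsif (forwarded = forwarded_scheme)` / `forwarded`. The method also deserves a short comment explaining why the forwarded value is filtered, since the reason is not visible from this method alone: `# X-Forwarded-Scheme/Proto are client-supplied; only values in SCHEME_WHITELIST are honoured, anything else falls through to the server's own scheme.` Note that the `HTTPS` and `HTTP_X_FORWARDED_SSL` branches above are still honoured without consulting the trusted-proxy list, so a caller relying on `scheme` for security decisions should understand the value can originate from any upstream hop.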
@@ -476,9 +476,22 @@
ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : []
end
def reject_trusted_ip_addresses(ip_addresses)
ip_addresses.reject { |ip| trusted_proxy?(ip) }
+ end
+
+ def forwarded_scheme
+ scheme_headers = [
+ get_header(HTTP_X_FORWARDED_SCHEME),
+ get_header(HTTP_X_FORWARDED_PROTO).to_s.split(',')[0]
+ ]
+
+ scheme_headers.each do |header|
+ return header if SCHEME_WHITELIST.include?(header)
+ end
+
+ nil
end
end
include Env
include Helpers
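Review bot: `forwarded_scheme` compares the header value against `SCHEME_WHITELIST` without normalising it, so `X-Forwarded-Proto: https , http` yields `"https "` after `split(',')[0]` and is rejected, as is an upper-case `HTTPS`; if that fallback to `RACK_URL_SCHEME` is intentional, say so, otherwise `get_header(HTTP_X_FORWARDED_PROTO).to_s.split(',')[0].to_s.strip` would accept the common proxy formatting while still only admitting whitelisted values. The `scheme_headers.each ... return` loop could also be written as `scheme_headers.find { |h| SCHEME_WHITELIST.include?(h) }`, which removes the explicit `nil` at the end. The method has no documentation; a YARD-style header such as `# Returns the first whitelisted scheme from X-Forwarded-Scheme or the first entry of X-Forwarded-Proto, or nil when neither carries an allowed value` would help, and it appears to sit alongside the private helpers (`reject_trusted_ip_addresses`), though the `private` marker is outside this hunk so its visibility cannot be confirmed here.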