From 0b2b6c8e12e78dd25b5a38d92a8ea30d8c812fa9 Mon Sep 17 00:00:00 2001
From: Areg Harutyunyan <areg@cloudflare.com>
Date: Mon, 30 Mar 2020 22:51:48 +0100
Subject: [PATCH] TUN-2850: Tunnel stripping Cloudflare headers

---
 h2mux/header.go | 31 ++++++++++++++++---------------
 1 file changed, 16 insertions(+), 15 deletions(-)

diff --git a/h2mux/header.go b/h2mux/header.go
index c79846bf..dbec394f 100644
--- a/h2mux/header.go
+++ b/h2mux/header.go
@@ -28,6 +28,10 @@ const (
 // HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
 func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	for _, header := range h2 {
+		if !IsControlHeader(header.Name) {
+			continue
+		}
+
 		switch strings.ToLower(header.Name) {
 		case ":method":
 			h1.Method = header.Value
@@ -72,25 +76,22 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 				return fmt.Errorf("unparseable content length")
 			}
 			h1.ContentLength = contentLength
-		case "connection", "upgrade":
-			// for websocket header support
-			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
+		case RequestUserHeadersField:
+			// Do not forward the serialized headers to the origin -- deserialize them, and ditch the serialized version
+			// Find and parse user headers serialized into a single one
+			userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
+			if err != nil {
+				return errors.Wrap(err, "Unable to parse user headers")
+			}
+			for _, userHeader := range userHeaders {
+				h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
+			}
 		default:
-			// Ignore any other header;
-			// User headers will be read from `RequestUserHeadersField`
-			continue
+			// All other control headers shall just be proxied transparently
+			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
 		}
 	}
 
-	// Find and parse user headers serialized into a single one
-	userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
-	if err != nil {
-		return errors.Wrap(err, "Unable to parse user headers")
-	}
-	for _, userHeader := range userHeaders {
-		h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
-	}
-
 	return nil
 }