TUN-2850: Tunnel stripping Cloudflare headers

This commit is contained in:
Areg Harutyunyan 2020-03-30 22:51:48 +01:00
parent acea15161c
commit 0b2b6c8e12
1 changed files with 16 additions and 15 deletions

View File

@ -28,6 +28,10 @@ const (
// HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
for _, header := range h2 {
if !IsControlHeader(header.Name) {
continue
}
switch strings.ToLower(header.Name) {
case ":method":
h1.Method = header.Value
@ -72,16 +76,8 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
return fmt.Errorf("unparseable content length")
}
h1.ContentLength = contentLength
case "connection", "upgrade":
// for websocket header support
h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
default:
// Ignore any other header;
// User headers will be read from `RequestUserHeadersField`
continue
}
}
case RequestUserHeadersField:
// Do not forward the serialized headers to the origin -- deserialize them, and ditch the serialized version
// Find and parse user headers serialized into a single one
userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
if err != nil {
@ -90,6 +86,11 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
for _, userHeader := range userHeaders {
h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
}
default:
// All other control headers shall just be proxied transparently
h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
}
}
return nil
}