TUN-2850: Tunnel stripping Cloudflare headers

2020-03-30 22:51:48 +01:00 · 2020-03-30 22:51:48 +01:00 · 0b2b6c8e12
parent acea15161c
commit 0b2b6c8e12
1 changed files with 16 additions and 15 deletions
--- a/h2mux/header.go
+++ b/h2mux/header.go
@ -28,6 +28,10 @@ const (
 // HTTP/1 equivalents. See https://tools.ietf.org/html/rfc7540#section-8.1.2.3
 func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 	for _, header := range h2 {
+		if !IsControlHeader(header.Name) {
+			continue
+		}
+
 		switch strings.ToLower(header.Name) {
 		case ":method":
 			h1.Method = header.Value
@ -72,16 +76,8 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 				return fmt.Errorf("unparseable content length")
 			}
 			h1.ContentLength = contentLength
-		case "connection", "upgrade":
-			// for websocket header support
-			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
-		default:
-			// Ignore any other header;
-			// User headers will be read from `RequestUserHeadersField`
-			continue
-		}
-	}
-
+		case RequestUserHeadersField:
+			// Do not forward the serialized headers to the origin -- deserialize them, and ditch the serialized version
 			// Find and parse user headers serialized into a single one
 			userHeaders, err := ParseUserHeaders(RequestUserHeadersField, h2)
 			if err != nil {
@ -90,6 +86,11 @@ func H2RequestHeadersToH1Request(h2 []Header, h1 *http.Request) error {
 			for _, userHeader := range userHeaders {
 				h1.Header.Add(http.CanonicalHeaderKey(userHeader.Name), userHeader.Value)
 			}
+		default:
+			// All other control headers shall just be proxied transparently
+			h1.Header.Add(http.CanonicalHeaderKey(header.Name), header.Value)
+		}
+	}

 	return nil
 }