  1. [Read Only] - Hippo Site Toolkit 2
  2. HSTTWO-3345

Backport [7.9] X-Forwarded-Proto: HTTP header gives 301 (HTTP in capitals!)


Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • 2.28.09
    • 2.28.12
    • hst-api

    Description

      Background

      One of the proxies at the client sets the "X-Forwarded-Proto" header, somehow in capitals: "HTTP".

      Current situation

      The HST gives a 301 status code, with the requested URL itself as the Location.

      Reproduction

      • create a project with the archetype
        mvn archetype:generate \
        -DarchetypeGroupId=org.onehippo.cms7 \
        -DarchetypeArtifactId=hippo-project-archetype \
        -DarchetypeVersion=2.00.09 \
        -DarchetypeRepository=http://maven.onehippo.com/maven2
        
      • use the default options
      • cd to myhippoproject
      • mvn clean package
      • mvn -Pcargo.run
      • go to http://localhost:8080/site
      • add news support
      • rebuild and run according to instructions
      • In another terminal run:
        wget -O /dev/null -S --no-proxy --header 'Host: localhost' --header 'X-Forwarded-Proto: HTTP' 'http://localhost:8080/site/'
        
      • observe the redirects:
        $ wget -O /dev/null -S --no-proxy --header 'Host: localhost' --header 'X-Forwarded-Proto: HTTP' 'http://localhost:8080/site/'
        --2015-06-08 15:16:32--  http://localhost:8080/site/
        Resolving localhost... ::1, 127.0.0.1
        Connecting to localhost|::1|:8080... connected.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Date: Mon, 08 Jun 2015 13:16:32 GMT
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Connecting to localhost|::1|:80... connected.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=100
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=99
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=98
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=97
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=96
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=95
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=94
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=93
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=92
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=91
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=90
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=89
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=88
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=87
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=86
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=85
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=84
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=83
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=82
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        --2015-06-08 15:16:32--  http://localhost/site/
        Reusing existing connection to [localhost]:80.
        HTTP request sent, awaiting response... 
          HTTP/1.1 301 Moved Permanently
          Date: Mon, 08 Jun 2015 13:16:32 GMT
          Server: Apache-Coyote/1.1
          Location: http://localhost/site/
          Content-Length: 0
          Keep-Alive: timeout=5, max=81
          Connection: Keep-Alive
        Location: http://localhost/site/ [following]
        20 redirections exceeded.
        

      Desired situation

      The delivery tier gives a 200 status code and the requested webpage.

      • Now observe the expected behaviour:
        $ wget -O /dev/null -S --no-proxy --header 'Host: localhost' --header 'X-Forwarded-Proto: http' 'http://localhost:8080/site/'
        --2015-06-08 15:17:42--  http://localhost:8080/site/
        Resolving localhost... ::1, 127.0.0.1
        Connecting to localhost|::1|:8080... connected.
        HTTP request sent, awaiting response... 
          HTTP/1.1 200 OK
          Server: Apache-Coyote/1.1
          Content-Type: text/html;charset=UTF-8
          Transfer-Encoding: chunked
          Date: Mon, 08 Jun 2015 13:17:43 GMT
        Length: unspecified [text/html]
        Saving to: '/dev/null'
        
        /dev/null                                              [ <=>                                                                                                               ]   1.08K  --.-KB/s   in 0s     
        
        2015-06-08 15:17:43 (66.2 MB/s) - '/dev/null' saved [1111]
        
        
        

      Solution

      See attached patch. The solution also exists for other headers. The patch only contains a solution for the X-Forwarded-Proto header. Additional work is needed to provide a robust solution that covers all headers.

      Remarks

      Back/Forward port might be needed.
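
The failure mode reported above, as an added example (not HST code and not the attached patch): a case-sensitive comparison of the forwarded scheme treats "HTTP" as a mismatch and redirects forever, while normalizing the value first does not. URI schemes are case-insensitive (RFC 3986, section 3.1). All class and method names here are hypothetical, and the allow-list with fallback to the connector scheme is an assumption about how unknown values should be handled.

```java
import java.util.Locale;
import java.util.Set;

public class ForwardedProtoDemo {
    // Assumption: only these schemes are accepted from the proxy header.
    private static final Set<String> ALLOWED = Set.of("http", "https");
    private static final int MAX_HOPS = 20; // same limit wget applies in the report

    /** Case-sensitive check: "HTTP" does not equal "http", so a redirect is issued. */
    static boolean needsRedirectNaive(String header, String connectorScheme, String required) {
        String scheme = (header != null) ? header : connectorScheme;
        return !scheme.equals(required);
    }

    /** Trim and lower-case the header, accept it only if allow-listed, else fall back. */
    static String normalizeScheme(String header, String connectorScheme) {
        if (header == null) {
            return connectorScheme;
        }
        String candidate = header.trim().toLowerCase(Locale.ROOT);
        return ALLOWED.contains(candidate) ? candidate : connectorScheme;
    }

    static boolean needsRedirectNormalized(String header, String connectorScheme, String required) {
        return !normalizeScheme(header, connectorScheme).equals(required);
    }

    /** The proxy re-sends the same header on every hop, so a wrong decision never converges. */
    static int followRedirects(String header, String required, boolean normalize) {
        int hops = 0;
        while (hops < MAX_HOPS) {
            boolean redirect = normalize
                    ? needsRedirectNormalized(header, "http", required)
                    : needsRedirectNaive(header, "http", required);
            if (!redirect) {
                break;
            }
            hops++;
        }
        return hops;
    }

    public static void main(String[] args) {
        // Constructed sample header values; the site is assumed to require "http".
        String[] samples = {"http", "HTTP", " Http ", "javascript", null};
        for (String s : samples) {
            System.out.printf("header=%-12s naive hops=%2d  normalized hops=%2d%n",
                    s, followRedirects(s, "http", false), followRedirects(s, "http", true));
        }
    }
}
```

As the description says, the same comparison problem applies to other forwarded headers, so any header value compared against a fixed string needs the same normalization.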

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers