Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

passenger_set_header silently ignores headers with underscores #2032

Closed
TLINDEN opened this issue Feb 12, 2018 · 2 comments
Closed

passenger_set_header silently ignores headers with underscores #2032

TLINDEN opened this issue Feb 12, 2018 · 2 comments

Comments

@TLINDEN
Copy link

TLINDEN commented Feb 12, 2018

Issue report

Question 1: What is the problem?
When setting passenger_set_header to a header containing underscores, nothing is being visible in the application and there's no error or warning message in the logs.

This doesn't work, that is, the header is not being created and there's no hint anywhere about the when and why the header was being ignored:

 passenger_set_header       X_CLIENT_DN     $ssl_client_s_dn;

However, this does work:

 passenger_set_header       X-CLIENT-DN     $ssl_client_s_dn;

And besides, it not only works, but the header which then appears to the application is HTTP_X_CLIENT_DN (with underscores again).

  • What is the expected behavior?

It shall just work or at least be reported to the error log. The documentation shall mention the undersore/dash translation behavior.

  • What is the actual behavior?

Headers containing underscores are being ignored silently.

  • How can we reproduce it?

I detailed the setup and test app on Stackoverflow.

Your answer:

Question 2: Passenger version and integration mode:

  • nginx modules
  • nginx/1.12.1
  • Phusion_Passenger/5.1.8

Your answer:

Question 3: OS or Linux distro, platform (including version):

  • FreeBSD 10.3, x86_64

Your answer:

Question 4: Passenger installation method:

Your answer:
[ ] RubyGems + Gemfile
[ ] RubyGems, no Gemfile
[ ] Phusion APT repo
[ ] Phusion YUM repo
[ ] OS X Homebrew
[ ] source tarball
[X] Other, please specify: ports

Question 5: Your app's programming language (including any version managers) and framework (including versions):

  • ruby 2.3.5p376 (2017-09-14 revision 59905) [amd64-freebsd10]

best regards,
TOm
@OnixGH
Copy link
Contributor

OnixGH commented Feb 12, 2018

Hi Tom, this behavior is intentional, to avoid a security vulnerability.

The option works similar to the proxy_set_header directive of the Nginx http proxy module (as mentioned by our docs), which also filters underscores by default.

I agree it could be made more explicit there, so I moved the issue there: phusion/passenger_library#68

Btw. we had considered logging but it's not great for per-request errors (log flood).

@OnixGH OnixGH closed this as completed Feb 12, 2018
@TLINDEN
Copy link
Author

TLINDEN commented Feb 13, 2018

Btw. we had considered logging but it's not great for per-request errors (log flood).

Well, but you could just report a fatal error and die, since such variables are not supported anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@FooBarWidget @TLINDEN @OnixGH