Include X-Forwarded-Host when proxying and rewriting Host in Workhorse

The upstream will never be aware it's being proxied under a different Host otherwise if X-Forwarded-Host is not included, which is necessary in cases like constructed absolute redirects in Rails for example. Changelog: fixed

Include X-Forwarded-Host when proxying and rewriting Host in Workhorse
The upstream will never be aware it's being proxied under a different Host otherwise if X-Forwarded-Host is not included, which is necessary in cases like constructed absolute redirects in Rails for example. Changelog: fixed
8506644a · Catalin Irimie · eec06336 · 8506644a · 8506644a
Commit 8506644a authored Apr 05, 2022 by Catalin Irimie
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

workhorse/internal/proxy/proxy.go workhorse/internal/proxy/proxy.go +8 -0

workhorse/proxy_test.go workhorse/proxy_test.go +4 -0

No files found.
--- a/workhorse/internal/proxy/proxy.go
+++ b/workhorse/internal/proxy/proxy.go
@@ -57,6 +57,14 @@ func NewProxy(myURL *url.URL, version string, roundTripper http.RoundTripper, op
 		previousDirector := p.reverseProxy.Director
 		p.reverseProxy.Director = func(request *http.Request) {
 			previousDirector(request)
+
+			// send original host along for the upstream
+			// to know it's being proxied under a different Host
+			// (for redirects and other stuff that depends on this)
+			request.Header.Set("X-Forwarded-Host", request.Host)
+			request.Header.Set("Forwarded", fmt.Sprintf("host=%s", request.Host))
+
+			// override the Host with the target
 			request.Host = request.URL.Host
 		}
 	}

--- a/workhorse/proxy_test.go
+++ b/workhorse/proxy_test.go
@@ -41,6 +41,8 @@ func TestProxyRequest(t *testing.T) {
 		require.Equal(t, "test", r.Header.Get("Custom-Header"), "custom header")
 		require.Equal(t, testVersion, r.Header.Get("Gitlab-Workhorse"), "version header")
 		require.Equal(t, inboundURL.Host, r.Host, "sent host header")
+		require.Empty(t, r.Header.Get("X-Forwarded-Host"), "X-Forwarded-Host header")
+		require.Empty(t, r.Header.Get("Forwarded"), "Forwarded header")

 		require.Regexp(
 			t,
@@ -78,6 +80,8 @@ func TestProxyWithForcedTargetHostHeader(t *testing.T) {
 	urlRegexp := regexp.MustCompile(fmt.Sprintf(`%s\z`, inboundURL.Path))
 	ts := testhelper.TestServerWithHandler(urlRegexp, func(w http.ResponseWriter, r *http.Request) {
 		require.Equal(t, tsUrl.Host, r.Host, "upstream host header")
+		require.Equal(t, inboundURL.Host, r.Header.Get("X-Forwarded-Host"), "X-Forwarded-Host header")
+		require.Equal(t, fmt.Sprintf("host=%s", inboundURL.Host), r.Header.Get("Forwarded"), "Forwarded header")

 		_, err := w.Write([]byte(`ok`))
 		require.NoError(t, err, "write ok response")