Skip to content

Commit

Permalink
refactor(tools/http): simplify check_https() with ngx.var
Browse files Browse the repository at this point in the history
  • Loading branch information
chronolaw committed Jun 5, 2024
1 parent 4adb677 commit 3b19be9
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions kong/tools/http.lua
Original file line number Diff line number Diff line change
Expand Up @@ -210,16 +210,16 @@ _M.check_https = function(trusted_ip, allow_terminated)
-- otherwise, we fall back to relying on the client scheme
-- (which was either validated earlier, or we fall through this block)
if trusted_ip then
local scheme = ngx.req.get_headers()["x-forwarded-proto"]
local scheme = ngx.var["x-forwarded-proto"]

-- we could use the first entry (lower security), or check the contents of
-- each of them (slow). So for now defensive, and error
-- out on multiple entries for the x-forwarded-proto header.
if type(scheme) == "table" then
if scheme:find(",", 1, true) then
return nil, "Only one X-Forwarded-Proto header allowed"
end

return tostring(scheme):lower() == "https"
return scheme:lower() == "https"
end

return false
Expand Down

0 comments on commit 3b19be9

Please sign in to comment.