RedirectScheme redirects based on X-Forwarded-Proto header

2022-06-24 12:04:09 +02:00 · 2022-06-24 12:04:09 +02:00 · ff17ac53df
commit ff17ac53df
parent 55ba4356f2
3 changed files with 31 additions and 5 deletions
--- a/pkg/middlewares/redirect/redirect_scheme.go
+++ b/pkg/middlewares/redirect/redirect_scheme.go
@ -13,8 +13,9 @@ import (
 )

 const (
-	typeSchemeName = "RedirectScheme"
-	uriPattern     = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
+	typeSchemeName  = "RedirectScheme"
+	uriPattern      = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`
+	xForwardedProto = "X-Forwarded-Proto"
 )

 // NewRedirectScheme creates a new RedirectScheme middleware.
@ -63,7 +64,11 @@ func rawURLScheme(req *http.Request) string {
 		scheme = schemeHTTPS
 	}

-	if scheme == schemeHTTP && port == ":80" || scheme == schemeHTTPS && port == ":443" || port == "" {
+	if value := req.Header.Get(xForwardedProto); value != "" {
+		scheme = value
+	}
+
+	if scheme == schemeHTTP && port == ":80" || scheme == schemeHTTPS && port == ":443" {
 		port = ""
 	}

--- a/pkg/middlewares/redirect/redirect_scheme_test.go
+++ b/pkg/middlewares/redirect/redirect_scheme_test.go
@ -47,11 +47,22 @@ func TestRedirectSchemeHandler(t *testing.T) {
 			},
 			url: "http://foo",
 			headers: map[string]string{
-				"X-Forwarded-Proto": "https",
+				"X-Forwarded-Proto": "http",
 			},
 			expectedURL:    "https://foo",
 			expectedStatus: http.StatusFound,
 		},
+		{
+			desc: "HTTP to HTTPS, with X-Forwarded-Proto to HTTPS",
+			config: dynamic.RedirectScheme{
+				Scheme: "https",
+			},
+			url: "http://foo",
+			headers: map[string]string{
+				"X-Forwarded-Proto": "https",
+			},
+			expectedStatus: http.StatusOK,
+		},
 		{
 			desc: "HTTP with port to HTTPS without port",
 			config: dynamic.RedirectScheme{