X-Forwarded-Proto / X_FORWARDED_PROTO
normalperson at yhbt.net
Sun Jan 10 01:12:09 EST 2010
Iñaki Baz Castillo <ibc at aliax.net> wrote:
> El Domingo, 10 de Enero de 2010, skaar escribió:
> > > The Rack (and CGI) specs require that '-' be replaced with '_' for
> > > HTTP header names, so Unicorn is doing the correct thing and treating
> > > it as the same header.
> > but should it aggregate the values?
> Hi, review my other response in this thread.
> This is undefined. Some headers do allow multiple values separated by comma in
> the same header with the same meaning as varios headers with same name and
> single values. But this depends on each header specification.
>From reading rfc 2616, section 4.2 that all multi-value headers can be
combined with commas without changing semantics of the message.
There's also no other way (e.g. with an Array) to represent them for
 In the Real-World(TM), this is not true for Set-Cookie headers in
> In your case it seems valid for me (just an opinnion) as
> "HTTP_X_FORWARDED_PROTO: http,https" could mean that the request has been sent
> using HTTPS and an intermediary proxy has forwarded it using HTTP. Of course
> the final destination (Unicorn application) must be ready to support such
Is it safe to say that if there's an "https" *anywhere* in the
X-Forwarded-Proto chain, that "rack.url_scheme" should be set to
"https"? Because I suppose most of the time there's only one
(client-facing) proxy using https.
More information about the mongrel-unicorn