Merge tag '3.20.1'

2025-12-06 12:19:51 +01:00 · 2015-02-28 23:29:23 -05:00 · 2015-02-28 23:29:23 -05:00 · cd6df7699d
commit cd6df7699d
parent 51f960f297 b2311c7402
7 changed files with 67 additions and 3 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -3,5 +3,6 @@ node_js:
  - "0.10"
  - "0.12"
 sudo: false
+before_install: "npm rm --save-dev connect-redis"
 script: "npm run-script test-ci"
 after_script: "npm install coveralls@2.10.0 && cat ./coverage/lcov.info | coveralls"
--- a/History.md
+++ b/History.md
@ -1,3 +1,9 @@
+unreleased
+==========
+
+  * Fix `req.host` when using "trust proxy" hops count
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
 4.12.0 / 2015-02-23
 ===================

@ -702,6 +708,12 @@
   - `app.route()` - Proxy to the app's `Router#route()` method to create a new route
   - Router & Route - public API

+3.20.1 / 2015-02-28
+===================
+
+  * Fix `req.host` when using "trust proxy" hops count
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
 3.20.0 / 2015-02-18
 ===================

--- a/lib/request.js
+++ b/lib/request.js
@ -268,7 +268,7 @@ defineGetter(req, 'protocol', function protocol(){
    : 'http';
  var trust = this.app.get('trust proxy fn');

-  if (!trust(this.connection.remoteAddress)) {
+  if (!trust(this.connection.remoteAddress, 0)) {
    return proto;
  }

@ -378,7 +378,7 @@ defineGetter(req, 'hostname', function hostname(){
  var trust = this.app.get('trust proxy fn');
  var host = this.get('X-Forwarded-Host');

-  if (!host || !trust(this.connection.remoteAddress)) {
+  if (!host || !trust(this.connection.remoteAddress, 0)) {
    host = this.get('Host');
  }

--- a/package.json
+++ b/package.json
@ -60,7 +60,6 @@
    "mocha": "~2.1.0",
    "should": "~5.0.1",
    "supertest": "~0.15.0",
-    "hjs": "~0.0.6",
    "body-parser": "~1.12.0",
    "connect-redis": "~2.2.0",
    "cookie-parser": "~1.3.4",
--- a/test/req.host.js
+++ b/test/req.host.js
@ -117,6 +117,24 @@ describe('req', function(){
        .set('Host', 'example.com')
        .expect('example.com', done);
      })
+
+      describe('when trusting hop count', function () {
+        it('should respect X-Forwarded-Host', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.use(function (req, res) {
+            res.end(req.host);
+          });
+
+          request(app)
+          .get('/')
+          .set('Host', 'localhost')
+          .set('X-Forwarded-Host', 'example.com')
+          .expect('example.com', done);
+        })
+      })
    })

    describe('when "trust proxy" is disabled', function(){
--- a/test/req.protocol.js
+++ b/test/req.protocol.js
@ -75,6 +75,23 @@ describe('req', function(){
        .get('/')
        .expect('http', done);
      })
+
+      describe('when trusting hop count', function () {
+        it('should respect X-Forwarded-Proto', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.use(function (req, res) {
+            res.end(req.protocol);
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-Proto', 'https')
+          .expect('https', done);
+        })
+      })
    })

    describe('when "trust proxy" is disabled', function(){
--- a/test/req.secure.js
+++ b/test/req.secure.js
@ -78,6 +78,23 @@ describe('req', function(){
        .set('X-Forwarded-Proto', 'https, http')
        .expect('yes', done)
      })
+
+      describe('when "trust proxy" trusting hop count', function () {
+        it('should respect X-Forwarded-Proto', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.get('/', function (req, res) {
+            res.send(req.secure ? 'yes' : 'no');
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-Proto', 'https')
+          .expect('yes', done)
+        })
+      })
    })
  })
 })