Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Proxy is replacing part of address with an empty string #4635

Closed
jmacura opened this issue Jan 17, 2024 · 2 comments · Fixed by #4654
Closed

Proxy is replacing part of address with an empty string #4635

jmacura opened this issue Jan 17, 2024 · 2 comments · Fixed by #4654
Assignees
@jmacura @fzadrazil
Labels
bug server
Milestone
server 2.0

Comments

@jmacura
Copy link
Collaborator

jmacura commented Jan 17, 2024

Bug

Describe the bug
When a path to proxy is provided as a relative path, the proxy incorrectly throws away part of the original address resulting in an invalid URL.

To Reproduce
...

Expected behavior
The URL gets only encoded, no parts are dropped.

Screenshots

Additional context
observable on hub4everybody.com and watlas.lesprojekt.cz
@jmacura jmacura added this to the Future milestone Jan 17, 2024
This was referenced Jan 22, 2024
Closed
Merged
@jmacura
Copy link
Collaborator Author

jmacura commented Jan 30, 2024

Discovered so far:

  • only happens with hslayers-server on hub4everybody, watlas
  • not replicable on localhost
  • not replicable with a different type of proxy server
  • only happens when the URL is a WMS service from ArcGIS server
  • not replicable on non-ArcGIS WMS servers
  • the URL returned in GetCapabilities document is changed to the hostname of requesting server (h4e, watlas, ...), i.e. <OnlineResource xmlns:xlink="http://www.w3.org/1999/xlink" xlink:type="simple" xlink:href="https://watlas.lesprojekt.cz/arcgis2/services/dmr4g/ImageServer/WMSServer"/>
  • x-forwarded-for , x-forwarded-host and x-forwarded-server HTTP headers are added to the request when sent
  • sec-fetch-site HTTP header is cross-site on localhost but same-origin on the public server

@jmacura
Copy link
Collaborator Author

jmacura commented Jan 31, 2024
edited
Loading

Update:

  • seems to be caused by the X-Forwarded-Host HTTP header
  • the "xfwd": "false" option in http-proxy seems ineffective (the x-forwarded-* headers are appended anyway)

jmacura added a commit that referenced this issue Jan 31, 2024
@jmacura
fix(server): Do not send X-Forwarded-* headers via proxy
78411fb 
resolves #4635
@jmacura jmacura closed this as completed in aaa4782 Feb 5, 2024
@jmacura jmacura modified the milestones: Future, server 2.0 Feb 26, 2024
jmacura added a commit that referenced this issue Jun 20, 2024
@jmacura
fix(server): Do not send X-Forwarded-* headers via proxy
45ae199 
resolves #4635
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jmacura jmacura

@fzadrazil fzadrazil

Labels
bug server
Projects
None yet
Milestone
server 2.0
Development

Successfully merging a pull request may close this issue.

Create tests for hslayers-server and convert CommonJS files to ES syntax hslayers/hslayers-ng
2 participants
@jmacura @fzadrazil