Forum: NGINX access to urldecoded headers

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
8389b1baedd7e2286b1414aed0aa44ad?d=identicon&s=25 Michael Ching (Guest)
on 2009-03-27 07:37
(Received via mailing list)
A problem when trying to proxy webdav/svn have is that when you proxy
https to an http backend, COPY requests do not work because of the
Destination: header.

The standard configuration to address this is:
set $destination $http_destination;
if ( $destination ~* ^https(.*)$ ) {
set $destination http$1;
}
proxy_set_header Destination $destination;

However, $http_destination is already urlescaped and becomes escaped
again as part of the capture.  This causes filenamess with spaces in
them to become double-escaped (i.e. " " represented by %2520 instead of
%20).

I have not done too much work in the nginx source, so I borrowed very
heavily from the code provided by Kirill K in his patch to urldecode
variable_arguments to create a patch which should allow access to
urldecoded copies of $http_ variables.  Changing $http_destination to
$urldecodehttp_destination with the following patch applied appears to
resolve the issue for us.

Any feedback as far as a better way to do this, problems with the code,
or issues that have been overlooked would be appreciated.

I was mostly unsure whether the ngx_palloc code and the "v->len = dst -
v->data;" lines were correct.

Michael


diff -u nginx-0.5.37/src/http/ngx_http_variables.c
nginx-0.5.37-decodepatch/src/http/ngx_http_variables.c
--- nginx-0.5.37/src/http/ngx_http_variables.c    2007-12-12
08:57:36.000000000 -0800
+++ nginx-0.5.37-decodepatch/src/http/ngx_http_variables.c    2009-03-26
23:06:26.000000000 -0700
@@ -22,6 +22,8 @@
 static ngx_int_t ngx_http_variable_headers(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data);

+static ngx_int_t
ngx_http_variable_unknown_header_in_urldecode(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t ngx_http_variable_unknown_header_in(ngx_http_request_t
*r,
     ngx_http_variable_value_t *v, uintptr_t data);
 static ngx_int_t
ngx_http_variable_unknown_header_out(ngx_http_request_t *r,
@@ -442,6 +444,17 @@
         return NULL;
     }

+    if (ngx_strncmp(name->data, "urldecodehttp_", 14) == 0) {
+
+        if (ngx_http_variable_unknown_header_in_urldecode(r, vv,
(uintptr_t) name)
+            == NGX_OK)
+        {
+            return vv;
+        }
+
+        return NULL;
+    }
+
     if (ngx_strncmp(name->data, "http_", 5) == 0) {

         if (ngx_http_variable_unknown_header_in(r, vv, (uintptr_t)
name)
@@ -632,6 +645,73 @@


 static ngx_int_t
+ngx_http_variable_unknown_header_in_urldecode(ngx_http_request_t *r,
+    ngx_http_variable_value_t *v, uintptr_t data)
+{
+    ngx_str_t *var = (ngx_str_t *) data;
+    ngx_list_part_t *part = &r->headers_in.headers.part;
+    size_t prefix = sizeof("urldecodehttp_") - 1;
+    u_char  *dst, *src;
+
+    u_char            ch;
+    ngx_uint_t        i, n;
+    ngx_table_elt_t  *header;
+
+    header = part->elts;
+
+    for (i = 0; /* void */ ; i++) {
+
+        if (i >= part->nelts) {
+            if (part->next == NULL) {
+                break;
+            }
+
+            part = part->next;
+            header = part->elts;
+            i = 0;
+        }
+
+        for (n = 0; n + prefix < var->len && n < header[i].key.len;
n++) {
+            ch = header[i].key.data[n];
+
+            if (ch >= 'A' && ch <= 'Z') {
+                ch |= 0x20;
+
+            } else if (ch == '-') {
+                ch = '_';
+            }
+
+            if (var->data[n + prefix] != ch) {
+                break;
+            }
+        }
+
+        if (n + prefix == var->len && n == header[i].key.len) {
+            v->data = ngx_palloc(r->pool, header[i].value.len);
+            if (v->data == NULL) {
+                v->not_found = 1;
+            }
+            else {
+                dst = v->data;
+                src = header[i].value.data;
+
+                ngx_unescape_uri(&dst, &src, header[i].value.len,
NGX_ESCAPE_ARGS);
+                v->len = dst - v->data;
+                v->valid = 1;
+                v->no_cacheable = 0;
+                v->not_found = 0;
+            }
+            return NGX_OK;
+        }
+    }
+
+    v->not_found = 1;
+
+    return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_http_variable_unknown_header_in(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
 {
@@ -1351,6 +1431,13 @@
             }
         }

+        if (ngx_strncmp(v[i].name.data, "urldecodehttp_", 14) == 0) {
+            v[i].get_handler =
ngx_http_variable_unknown_header_in_urldecode;
+            v[i].data = (uintptr_t) &v[i].name;
+
+            continue;
+        }
+
         if (ngx_strncmp(v[i].name.data, "http_", 5) == 0) {
             v[i].get_handler = ngx_http_variable_unknown_header_in;
             v[i].data = (uintptr_t) &v[i].name;
This topic is locked and can not be replied to.