[tor-commits] [meek/master] Recognize Meek-IP as a synonym of X-Forwarded-For.
dcf at torproject.org
dcf at torproject.org
Sun Dec 20 20:09:35 UTC 2015
commit edcca4e9f53a2858325dedf901bef54d4d9a8b71
Author: David Fifield <david at bamsoftware.com>
Date: Mon Dec 14 01:55:10 2015 -0800
Recognize Meek-IP as a synonym of X-Forwarded-For.
With higher precedence.
---
meek-server/useraddr.go | 5 ++++-
meek-server/useraddr_test.go | 34 +++++++++++++++++++++++++++++++++-
2 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/meek-server/useraddr.go b/meek-server/useraddr.go
index 680a6d8..a01944b 100644
--- a/meek-server/useraddr.go
+++ b/meek-server/useraddr.go
@@ -29,7 +29,10 @@ func originalClientIP(req *http.Request) (net.IP, error) {
var host string
var err error
- xForwardedFor := req.Header.Get("X-Forwarded-For")
+ xForwardedFor := req.Header.Get("Meek-IP")
+ if xForwardedFor == "" {
+ xForwardedFor = req.Header.Get("X-Forwarded-For")
+ }
if xForwardedFor != "" {
host, err = getXForwardedFor(xForwardedFor)
} else {
diff --git a/meek-server/useraddr_test.go b/meek-server/useraddr_test.go
index d603031..3f975fa 100644
--- a/meek-server/useraddr_test.go
+++ b/meek-server/useraddr_test.go
@@ -45,7 +45,8 @@ func TestOriginalClientIPRemoteAddr(t *testing.T) {
}
}
-// Test that originalClientIP reads the X-Forwarded-For header if present.
+// Test that originalClientIP reads the Meek-IP and X-Forwarded-For headers if
+// present.
func TestOriginalClientXForwardedFor(t *testing.T) {
tests := []struct {
XForwardedFor string
@@ -73,6 +74,8 @@ func TestOriginalClientXForwardedFor(t *testing.T) {
req := &http.Request{
Header: make(http.Header),
}
+ req.Header.Set("Meek-IP", test.XForwardedFor)
+ checkExpected(t, req, test.Expected)
req.Header.Set("X-Forwarded-For", test.XForwardedFor)
checkExpected(t, req, test.Expected)
}
@@ -99,6 +102,24 @@ func TestOriginalClientPrecedence(t *testing.T) {
http.Request{
RemoteAddr: "5.6.7.8:5678",
Header: http.Header{
+ http.CanonicalHeaderKey("Meek-IP"): []string{"1.2.3.4"},
+ },
+ },
+ net.IPv4(1, 2, 3, 4),
+ },
+ {
+ http.Request{
+ RemoteAddr: "5.6.7.8:5678",
+ Header: http.Header{
+ http.CanonicalHeaderKey("Meek-IP"): []string{"1:2::3:4"},
+ },
+ },
+ net.IP{0, 1, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 4},
+ },
+ {
+ http.Request{
+ RemoteAddr: "5.6.7.8:5678",
+ Header: http.Header{
http.CanonicalHeaderKey("X-Forwarded-For"): []string{"1.2.3.4"},
},
},
@@ -113,6 +134,17 @@ func TestOriginalClientPrecedence(t *testing.T) {
},
net.IP{0, 1, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 4},
},
+ // Meek-IP has precedence over X-Forwarded-For if both are set.
+ {
+ http.Request{
+ RemoteAddr: "5.6.7.8:5678",
+ Header: http.Header{
+ http.CanonicalHeaderKey("Meek-IP"): []string{"1.2.3.4"},
+ http.CanonicalHeaderKey("X-Forwarded-For"): []string{"2.2.2.2"},
+ },
+ },
+ net.IPv4(1, 2, 3, 4),
+ },
// X-Forwarded-For shadows RemoteAddr, even if bad syntax.
{
http.Request{
More information about the tor-commits
mailing list