Merge pull request #3934 from cloudfoundry-incubator/remove-fwd-headers

Ensure we remove X-Forward-* HTTP headers that can cause problems proxying API requests
cloudfoundry · Sep 30, 2019 · f9d2b2a · f9d2b2a
2 parents 03c4c61 + 9f4cf58
commit f9d2b2a
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/src/jetstream/passthrough.go b/src/jetstream/passthrough.go
@@ -188,8 +188,11 @@ func fwdCNSIStandardHeaders(cnsiRequest *interfaces.CNSIRequest, req *http.Reque
 		// Skip these
 		//  - "Referer" causes CF to fail with a 403
 		//  - "Connection", "X-Cap-*" and "Cookie" are consumed by us
-		// - "Accept-Encoding" must be excluded otherwise the transport will expect us to handle the encoding/compression
-		case k == "Connection", k == "Cookie", k == "Referer", k == "Accept-Encoding", strings.HasPrefix(strings.ToLower(k), "x-cap-"):
+		//  - "Accept-Encoding" must be excluded otherwise the transport will expect us to handle the encoding/compression
+		//  - X-Forwarded-* headers - these will confuse Cloud Foundry in some cases (e.g. load balancers)
+		case k == "Connection", k == "Cookie", k == "Referer", k == "Accept-Encoding",
+			strings.HasPrefix(strings.ToLower(k), "x-cap-"),
+			strings.HasPrefix(strings.ToLower(k), "x-forwarded-"):
 
 		// Forwarding everything else
 		default: