Opened 6 years ago

Closed 5 years ago

#537 closed defect (fixed)

TE hop header not stripped when proxying

Reported by: pornel.net Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.5.x
Keywords: Cc:
uname -a: Darwin .local 13.1.0 Darwin Kernel Version 13.1.0
nginx -V: nginx version: nginx/1.5.12
built by clang 5.1 (clang-503.0.38) (based on LLVM 3.4svn)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/Cellar/nginx/1.5.12 --with-http_ssl_module --with-pcre --with-ipv6 --sbin-path=/usr/local/Cellar/nginx/1.5.12/bin/nginx --with-cc-opt='-I/usr/local/Cellar/pcre/8.34/include -I/usr/local/Cellar/openssl/1.0.1f/include' --with-ld-opt='-L/usr/local/Cellar/pcre/8.34/lib -L/usr/local/Cellar/openssl/1.0.1f/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --pid-path=/usr/local/var/run/nginx.pid --lock-path=/usr/local/var/run/nginx.lock --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp --http-proxy-temp-path=/usr/local/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/usr/local/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/usr/local/var/run/nginx/uwsgi_temp --http-scgi-temp-path=/usr/local/var/run/nginx/scgi_temp --http-log-path=/usr/local/var/log/nginx/access.log --error-log-path=/usr/local/var/log/nginx/error.log --with-http_gzip_static_module

Description

TE is a hop-by-hop header and proxies must remove it. nginx forwards this header, even when it downgrades the request to HTTP/1.0. This causes an invalid HTTP/1.0 request to be generated.

In practice this invalid combination causes nodejs to respond with HTTP/1.1 response to HTTP/1.0 + TE request and makes chunked encoding misinterpreted as part of regular body response, malforming the data.

The setting:

proxy_set_header  TE "";

makes forwarded requests correct. This should be the default behavior.

Change History (3)

comment:1 by pornel.net, 6 years ago

To reproduce

    server {
        listen       8001;
        server_name  localhost;
        location / {
          proxy_pass        http://localhost:8002;
        }
    }
nc -l 8002 &
printf 'GET / HTTP/1.1\r\nTE:chunked\r\nHost:x\r\n\r\n' | nc localhost 8001

Actual result:

GET / HTTP/1.0
Host: localhost:8002
Connection: close
TE: chunked

Expected:

GET / HTTP/1.0
Host: localhost:8002
Connection: close

comment:2 by Maxim Dounin <mdounin@…>, 5 years ago

In 2d39085161018ca7d7608589737d8d8a9a20c74d/nginx:

Proxy: the "TE" header now stripped by default (ticket #537).

comment:3 by Maxim Dounin, 5 years ago

Resolution: fixed
Status: newclosed

Fix committed.

Note: See TracTickets for help on using tickets.