Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#757 closed defect (invalid)

map fails to match hostnames values - possibly following proxy_pass

Reported by: Steeve Knight Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.7.x
Keywords: map Cc:
uname -a: Linux <drop-name> 3.16.0-28-generic #37-Ubuntu SMP Mon Dec 8 17:15:28 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: 0.91-ubuntu1

Description

The following map sets up a value for my Access-Control-Allow-Origin


map $http_origin $corsHost {

default '-missed-me-ha-ha-';


hostnames;
.mastersite.com $http_origin;

#this never works
.minorsite.org $http_origin;

#this works fine
https://minorsite.org $http_origin;

}

Any of whatever.mastersite.com and minorsite.org proxy to mastersite.com via proxy_pass.
whatever.mastersite.com and minorsite.org then may make requests (usualy async) directly to mastersite.com.
whatever.mastersite.com Requests to mastersite.com work just fine and $corsHost is set properly
minorsite.org Requests to mastersite.com always fail and $corsHost is set to default.
Workaround is as above, avoiding the hostname combo and using the full request Origin string.

Change History (3)

comment:1 by Maxim Dounin, 5 years ago

Resolution: invalid
Status: newclosed

The map with hostnames is to match hostnames, not URLs. The .minorsite.org is expected to match minorsite.org and foo.minorsite.org, but not https://minorsite.org - as it's know nothing about https:// being special and doesn't know how https://minorsite.org is different from notreallyminorsite.org.

See docs more details.

comment:2 by Steeve Knight, 5 years ago

Nope - sorry, you missed it, and in fact the added comment will likely just inject confusion.
<quote>The .minorsite.org is expected to match minorsite.org and foo.minorsite.org</quote>
I'm telling the above DOES NOT MATCH.
Further, removing the #this works fine pair, and $http_origin being a fully qualified URL, https://minorsite.org NEVER MATCHES the hostname .minorsite.org, however if I change the default to $http_origin and test, https://minorsite.org in fact is returned into $corsHost, so I have thereby verified the test string. It fails where it should be matching.

comment:3 by Maxim Dounin, 5 years ago

Again: URLs and hostnames are different things. And https://minorsite.org is not a hostname. When parsed as a hostname, it's more like notminorsite.org, and it's _not_ expected to be matched. Try with minorsite.org instead (without the https:// prefix), it will be matched.

Note: See TracTickets for help on using tickets.