Iñaki Baz Castillo <[email protected]> wrote:
> El Domingo, 10 de Enero de 2010, skaar escribió:
> > > The Rack (and CGI) specs require that '-' be replaced with '_' for
> > > HTTP header names, so Unicorn is doing the correct thing and treating
> > > it as the same header.
> >
> > but should it aggregate the values?
>
> Hi, review my other response in this thread.
>
> This is undefined. Some headers do allow multiple values separated by comma
> in
> the same header with the same meaning as varios headers with same name and
> single values. But this depends on each header specification.
>From reading rfc 2616, section 4.2 that all multi-value headers can be
combined with commas without changing semantics of the message[1].
There's also no other way (e.g. with an Array) to represent them for
Rack...
[1] In the Real-World(TM), this is not true for Set-Cookie headers in
HTTP responses.
> In your case it seems valid for me (just an opinnion) as
> "HTTP_X_FORWARDED_PROTO: http,https" could mean that the request has been
> sent
> using HTTPS and an intermediary proxy has forwarded it using HTTP. Of course
> the final destination (Unicorn application) must be ready to support such
> syntax.
Is it safe to say that if there's an "https" *anywhere* in the
X-Forwarded-Proto chain, that "rack.url_scheme" should be set to
"https"? Because I suppose most of the time there's only one
(client-facing) proxy using https.
--
Eric Wong
_______________________________________________
Unicorn mailing list - [email protected]
http://rubyforge.org/mailman/listinfo/mongrel-unicorn
Do not quote signatures (like this one) or top post when replying
