HTTP/2: use scheme from original request for pushes (closes #1549).

Instead of the connection scheme, use scheme from the original request.
This fixes pushes when SSL is terminated by a proxy server in front of
nginx.

diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
index d3fdf05e3bec8d53919f9262f8a99032148b1996..09737700a6d383c95f782452935b41feb7e49b85 100644 (file)
--- a/src/http/v2/ngx_http_v2.c
+++ b/src/http/v2/ngx_http_v2.c
@@ -2616,16 +2616,13 @@ ngx_http_v2_push_stream(ngx_http_v2_stream_t *parent, ngx_str_t *path)
     r->method_name = ngx_http_core_get_method;
     r->method = NGX_HTTP_GET;
 
-#if (NGX_HTTP_SSL)
-    if (fc->ssl) {
-        ngx_str_set(&r->schema, "https");
-
-    } else
-#endif
-    {
-        ngx_str_set(&r->schema, "http");
+    r->schema.data = ngx_pstrdup(pool, &parent->request->schema);
+    if (r->schema.data == NULL) {
+        goto close;
     }
 
+    r->schema.len = parent->request->schema.len;
+
     value.data = ngx_pstrdup(pool, path);
     if (value.data == NULL) {
         goto close;

diff --git a/src/http/v2/ngx_http_v2_filter_module.c b/src/http/v2/ngx_http_v2_filter_module.c
index 029e8ece298e3765f7c430a36ce859334fd3e740..853faefd31efbd699ce1a96d4415bb7d26ad2783 100644 (file)
--- a/src/http/v2/ngx_http_v2_filter_module.c
+++ b/src/http/v2/ngx_http_v2_filter_module.c
@@ -944,15 +944,15 @@ ngx_http_v2_push_resource(ngx_http_request_t *r, ngx_str_t *path,
 
     ph = ngx_http_v2_push_headers;
 
+    len = ngx_max(r->schema.len, path->len);
+
     if (binary[0].len) {
-        tmp = ngx_palloc(r->pool, path->len);
+        tmp = ngx_palloc(r->pool, len);
         if (tmp == NULL) {
             return NGX_ERROR;
         }
 
     } else {
-        len = path->len;
-
         for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
             h = (ngx_table_elt_t **) ((char *) &r->headers_in + ph[i].offset);
 
@@ -994,7 +994,7 @@ ngx_http_v2_push_resource(ngx_http_request_t *r, ngx_str_t *path,
     len = (h2c->table_update ? 1 : 0)
           + 1
           + 1 + NGX_HTTP_V2_INT_OCTETS + path->len
-          + 1;
+          + 1 + NGX_HTTP_V2_INT_OCTETS + r->schema.len;
 
     for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {
         len += binary[i].len;
@@ -1025,18 +1025,20 @@ ngx_http_v2_push_resource(ngx_http_request_t *r, ngx_str_t *path,
     *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_PATH_INDEX);
     pos = ngx_http_v2_write_value(pos, path->data, path->len, tmp);
 
-#if (NGX_HTTP_SSL)
-    if (fc->ssl) {
-        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0,
-                       "http2 push header: \":scheme: https\"");
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, fc->log, 0,
+                   "http2 push header: \":scheme: %V\"", &r->schema);
+
+    if (r->schema.len == 5 && ngx_strncmp(r->schema.data, "https", 5) == 0) {
         *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTPS_INDEX);
 
-    } else
-#endif
+    } else if (r->schema.len == 4
+               && ngx_strncmp(r->schema.data, "http", 4) == 0)
     {
-        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, fc->log, 0,
-                       "http2 push header: \":scheme: http\"");
         *pos++ = ngx_http_v2_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+
+    } else {
+        *pos++ = ngx_http_v2_inc_indexed(NGX_HTTP_V2_SCHEME_HTTP_INDEX);
+        pos = ngx_http_v2_write_value(pos, r->schema.data, r->schema.len, tmp);
     }
 
     for (i = 0; i < NGX_HTTP_V2_PUSH_HEADERS; i++) {