From c7db2d7f32363ba0264c499fd9f4167c72904d39 Mon Sep 17 00:00:00 2001 From: isaacagudo Date: Mon, 11 Jun 2018 10:57:02 +0200 Subject: [PATCH] alpha support for x-forwarded-proto Check whether the 'x-forwarded-proto' headers is set to HTTPS, in this case asume that even if the actual protocol for the request is HTTP we should use HTTPS for checking the signature. --- src/hmac-sha1.coffee | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/hmac-sha1.coffee b/src/hmac-sha1.coffee index b4e2c02..9b738ec 100644 --- a/src/hmac-sha1.coffee +++ b/src/hmac-sha1.coffee @@ -68,6 +68,10 @@ class HMAC_SHA1 encrypted = req.connection.encrypted protocol = (encrypted and 'https') or 'http' + # alpha support for x-forwarded-proto + if req.get('x-forwarded-proto') == 'https' + protocol = 'https' + parsedUrl = url.parse originalUrl, true hitUrl = protocol + '://' + req.headers.host + parsedUrl.pathname