Support for proxy_hide_header directive.

I need this to hide X-Frame-Options for a single location block.

From nginx docs:
By default, nginx does not pass the header fields “Date”, “Server”,
“X-Pad”, and “X-Accel-...” from the response of a proxied server to a
client. The proxy_hide_header directive sets additional fields that will
not be passed.
This commit is contained in:
Josh Samuelson 2016-05-12 09:09:16 -07:00
parent 091397c6ae
commit 12dfb7e98d
8 changed files with 38 additions and 1 deletions

View file

@ -93,6 +93,7 @@ class nginx::config(
'X-Real-IP $remote_addr', 'X-Real-IP $remote_addr',
'X-Forwarded-For $proxy_add_x_forwarded_for', 'X-Forwarded-For $proxy_add_x_forwarded_for',
], ],
$proxy_hide_header = [],
$sendfile = 'on', $sendfile = 'on',
$server_tokens = 'on', $server_tokens = 'on',
$spdy = 'off', $spdy = 'off',
@ -121,6 +122,7 @@ class nginx::config(
} }
validate_string($multi_accept) validate_string($multi_accept)
validate_array($proxy_set_header) validate_array($proxy_set_header)
validate_array($proxy_hide_header)
if ($proxy_http_version != undef) { if ($proxy_http_version != undef) {
validate_string($proxy_http_version) validate_string($proxy_http_version)
} }

View file

@ -61,6 +61,7 @@ class nginx (
$proxy_redirect = undef, $proxy_redirect = undef,
$proxy_send_timeout = undef, $proxy_send_timeout = undef,
$proxy_set_header = undef, $proxy_set_header = undef,
$proxy_hide_header = undef,
$sendfile = undef, $sendfile = undef,
$server_tokens = undef, $server_tokens = undef,
$spdy = undef, $spdy = undef,
@ -184,6 +185,7 @@ class nginx (
$proxy_redirect or $proxy_redirect or
$proxy_send_timeout or $proxy_send_timeout or
$proxy_set_header or $proxy_set_header or
$proxy_hide_header or
$proxy_temp_path or $proxy_temp_path or
$run_dir or $run_dir or
$sendfile or $sendfile or
@ -265,6 +267,7 @@ class nginx (
proxy_redirect => $proxy_redirect, proxy_redirect => $proxy_redirect,
proxy_send_timeout => $proxy_send_timeout, proxy_send_timeout => $proxy_send_timeout,
proxy_set_header => $proxy_set_header, proxy_set_header => $proxy_set_header,
proxy_hide_header => $proxy_hide_header,
proxy_temp_path => $proxy_temp_path, proxy_temp_path => $proxy_temp_path,
run_dir => $run_dir, run_dir => $run_dir,
sendfile => $sendfile, sendfile => $sendfile,

View file

@ -31,6 +31,7 @@
# [*proxy_connect_timeout*] - Override the default the proxy connect timeout # [*proxy_connect_timeout*] - Override the default the proxy connect timeout
# value of 90 seconds # value of 90 seconds
# [*proxy_set_header*] - Array of vhost headers to set # [*proxy_set_header*] - Array of vhost headers to set
# [*proxy_hide_header*] - Array of vhost headers to hide
# [*fastcgi*] - location of fastcgi (host:port) # [*fastcgi*] - location of fastcgi (host:port)
# [*fastcgi_param*] - Set additional custom fastcgi_params # [*fastcgi_param*] - Set additional custom fastcgi_params
# [*fastcgi_params*] - optional alternative fastcgi_params file to use # [*fastcgi_params*] - optional alternative fastcgi_params file to use
@ -147,6 +148,7 @@ define nginx::resource::location (
$proxy_read_timeout = $::nginx::config::proxy_read_timeout, $proxy_read_timeout = $::nginx::config::proxy_read_timeout,
$proxy_connect_timeout = $::nginx::config::proxy_connect_timeout, $proxy_connect_timeout = $::nginx::config::proxy_connect_timeout,
$proxy_set_header = $::nginx::config::proxy_set_header, $proxy_set_header = $::nginx::config::proxy_set_header,
$proxy_hide_header = $::nginx::config::proxy_hide_header,
$fastcgi = undef, $fastcgi = undef,
$fastcgi_param = undef, $fastcgi_param = undef,
$fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params", $fastcgi_params = "${::nginx::config::conf_dir}/fastcgi_params",
@ -216,6 +218,7 @@ define nginx::resource::location (
validate_string($proxy_read_timeout) validate_string($proxy_read_timeout)
validate_string($proxy_connect_timeout) validate_string($proxy_connect_timeout)
validate_array($proxy_set_header) validate_array($proxy_set_header)
validate_array($proxy_hide_header)
if ($fastcgi != undef) { if ($fastcgi != undef) {
validate_string($fastcgi) validate_string($fastcgi)
} }

View file

@ -214,6 +214,7 @@ define nginx::resource::vhost (
$proxy_read_timeout = $::nginx::config::proxy_read_timeout, $proxy_read_timeout = $::nginx::config::proxy_read_timeout,
$proxy_connect_timeout = $::nginx::config::proxy_connect_timeout, $proxy_connect_timeout = $::nginx::config::proxy_connect_timeout,
$proxy_set_header = $::nginx::config::proxy_set_header, $proxy_set_header = $::nginx::config::proxy_set_header,
$proxy_hide_header = $::nginx::config::proxy_hide_header,
$proxy_cache = false, $proxy_cache = false,
$proxy_cache_key = undef, $proxy_cache_key = undef,
$proxy_cache_use_stale = undef, $proxy_cache_use_stale = undef,
@ -367,6 +368,7 @@ define nginx::resource::vhost (
validate_string($proxy_redirect) validate_string($proxy_redirect)
} }
validate_array($proxy_set_header) validate_array($proxy_set_header)
validate_array($proxy_hide_header)
if ($proxy_cache != false) { if ($proxy_cache != false) {
validate_string($proxy_cache) validate_string($proxy_cache)
} }
@ -592,6 +594,7 @@ define nginx::resource::vhost (
proxy_cache_valid => $proxy_cache_valid, proxy_cache_valid => $proxy_cache_valid,
proxy_method => $proxy_method, proxy_method => $proxy_method,
proxy_set_header => $proxy_set_header, proxy_set_header => $proxy_set_header,
proxy_hide_header => $proxy_hide_header,
proxy_set_body => $proxy_set_body, proxy_set_body => $proxy_set_body,
fastcgi => $fastcgi, fastcgi => $fastcgi,
fastcgi_params => $fastcgi_params, fastcgi_params => $fastcgi_params,

View file

@ -476,7 +476,7 @@ describe 'nginx::config' do
:notmatch => 'proxy_http_version', :notmatch => 'proxy_http_version',
}, },
{ {
:title => 'should contain ordered appended directives', :title => 'should contain ordered appended proxy_set_header directives',
:attr => 'proxy_set_header', :attr => 'proxy_set_header',
:value => ['header1','header2'], :value => ['header1','header2'],
:match => [ :match => [
@ -484,6 +484,15 @@ describe 'nginx::config' do
' proxy_set_header header2;', ' proxy_set_header header2;',
], ],
}, },
{
:title => 'should contain ordered appended proxy_hide_header directives',
:attr => 'proxy_hide_header',
:value => ['header1','header2'],
:match => [
' proxy_hide_header header1;',
' proxy_hide_header header2;',
],
},
{ {
:title => 'should set client_body_temp_path', :title => 'should set client_body_temp_path',
:attr => 'client_body_temp_path', :attr => 'client_body_temp_path',

View file

@ -664,6 +664,15 @@ describe 'nginx::resource::location' do
/^\s+proxy_set_header\s+X-TestHeader2 value2;/, /^\s+proxy_set_header\s+X-TestHeader2 value2;/,
] ]
}, },
{
:title => 'should hide proxy headers',
:attr => 'proxy_hide_header',
:value => [ 'X-TestHeader1 value1', 'X-TestHeader2 value2' ],
:match => [
/^\s+proxy_hide_header\s+X-TestHeader1 value1;/,
/^\s+proxy_hide_header\s+X-TestHeader2 value2;/,
]
},
{ {
:title => 'should set proxy_method', :title => 'should set proxy_method',
:attr => 'proxy_method', :attr => 'proxy_method',

View file

@ -120,6 +120,9 @@ http {
<% @proxy_set_header.each do |header| -%> <% @proxy_set_header.each do |header| -%>
proxy_set_header <%= header %>; proxy_set_header <%= header %>;
<% end -%> <% end -%>
<% @proxy_hide_header.each do |header| -%>
proxy_hide_header <%= header %>;
<% end -%>
<% if @proxy_headers_hash_bucket_size -%> <% if @proxy_headers_hash_bucket_size -%>
proxy_headers_hash_bucket_size <%= @proxy_headers_hash_bucket_size %>; proxy_headers_hash_bucket_size <%= @proxy_headers_hash_bucket_size %>;
<% end -%> <% end -%>

View file

@ -13,6 +13,11 @@
proxy_set_header <%= header %>; proxy_set_header <%= header %>;
<%- end -%> <%- end -%>
<% end -%> <% end -%>
<% unless @proxy_hide_header.nil? -%>
<%- @proxy_hide_header.each do |header| -%>
proxy_hide_header <%= header %>;
<%- end -%>
<% end -%>
<% if @proxy_cache -%> <% if @proxy_cache -%>
proxy_cache <%= @proxy_cache %>; proxy_cache <%= @proxy_cache %>;
<% end -%> <% end -%>