
Merge pull request #835 from vshn/httpoxy

Mitigating Httpoxy
James Fryman 7 years ago
parent
commit
fca0c6c150

+ 1 - 0
manifests/config.pp

@@ -92,6 +92,7 @@ class nginx::config(
     'Host $host',
     'X-Real-IP $remote_addr',
     'X-Forwarded-For $proxy_add_x_forwarded_for',
+    'Proxy ""',
   ],
   $proxy_hide_header              = [],
   $sendfile                       = 'on',
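Review bot: The `'Proxy ""'` entry only protects setups that keep this default list, because a caller who passes their own array for this parameter replaces the default wholesale and silently drops the httpoxy mitigation. The parameter declaration sits above the hunk, so this assumes it is the default proxy header list. nginx also stops inheriting `proxy_set_header` from the outer level once a block defines any of its own, so per-location overrides are affected the same way. The `fastcgi_param HTTP_PROXY "";` line added to templates/vhost/fastcgi_params.erb has the same limitation wherever a different params file is used. Either emit the empty header unconditionally from the proxy template, or at least mark the entry with a comment such as `# httpoxy: blanks the client-supplied Proxy header; keep this entry when overriding the list`.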

+ 8 - 0
spec/defines/resource_location_spec.rb

@@ -510,6 +510,14 @@ describe 'nginx::resource::location' do
                   with_content(%r|fastcgi_param\s+CUSTOM_PARAM2\s+value2;|)
         end
       end
+      
+      context "when fastcgi_param is {'HTTP_PROXY' => '""'}" do
+        let :params do default_params.merge({ :fastcgi_param => {'HTTP_PROXY' => '""'} }) end
+        it "should set fastcgi_param" do
+        should contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
+                  with_content(%r|fastcgi_param\s+HTTP_PROXY\s+"";|)
+        end
+      end
 
       context "when fastcgi_param is not set" do
         let :params do default_params end
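Review bot: The new context does not exercise the mitigation this commit ships. It passes `'HTTP_PROXY' => '""'` explicitly through `fastcgi_param`, so it only re-checks the custom-parameter rendering that the CUSTOM_PARAM2 example above already covers. Nothing asserts that the default output contains the empty HTTP_PROXY or Proxy value, so a later change that removes either default would still pass this spec. Add an example built from plain `default_params` that expects the default rendering, and rename this one to say what it covers, e.g. `it "should render a user-supplied HTTP_PROXY fastcgi_param" do`. The blank added line also carries trailing whitespace, and the `should` line is not indented under `it`.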

+ 3 - 0
templates/vhost/fastcgi_params.erb

@@ -25,3 +25,6 @@ fastcgi_param  HTTPS              $https;
 
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
+
+# Mitigate httpoxy, see https://httpoxy.org/#fix-now
+fastcgi_param  HTTP_PROXY          "";
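Review bot: The added comment names the attack but not the mechanism, so the empty `HTTP_PROXY` value can look like a leftover that a later maintainer might delete. Spell it out, for example `# Mitigate httpoxy: a client "Proxy:" request header would otherwise reach the application as HTTP_PROXY; see https://httpoxy.org/#fix-now`. The value on the new `fastcgi_param` line also appears to sit one column to the right of the `REDIRECT_STATUS` value above it, which breaks the file's column alignment.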