From 3404c4c651c0401d341eb7af2b77f5365b436434 Mon Sep 17 00:00:00 2001
From: Marco Fretz
Date: Fri, 22 Jul 2016 09:17:41 +0200
Subject: [PATCH 1/3] unset HTTP_PROXY header
---
 templates/vhost/fastcgi_params.erb | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/templates/vhost/fastcgi_params.erb b/templates/vhost/fastcgi_params.erb
index a786da2..127e4a5 100644
--- a/templates/vhost/fastcgi_params.erb
+++ b/templates/vhost/fastcgi_params.erb
@@ -25,3 +25,6 @@ fastcgi_param HTTPS $https;
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param REDIRECT_STATUS 200;
+
+# Mitigate httpoxy, see https://httpoxy.org/#fix-now
+fastcgi_param HTTP_PROXY "";
From 64c7b2c03cd3f2713f394ee8b96715ff1c3506a8 Mon Sep 17 00:00:00 2001
From: Marco Fretz
Date: Fri, 22 Jul 2016 09:55:03 +0200
Subject: [PATCH 2/3] unset Proxy header in proxy config
---
 manifests/config.pp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/manifests/config.pp b/manifests/config.pp
index 4f8d7f0..7b59b1b 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -92,6 +92,7 @@ class nginx::config(
 'Host $host',
 'X-Real-IP $remote_addr',
 'X-Forwarded-For $proxy_add_x_forwarded_for',
+ 'Proxy ""',
 ],
 $proxy_hide_header = [],
 $sendfile = 'on',
From b17020dca8feac27446d15e4f8aea2a86d025d04 Mon Sep 17 00:00:00 2001
From: Matthew Haughton <3flex@users.noreply.github.com>
Date: Mon, 18 Jul 2016 12:10:27 -0400
Subject: [PATCH 3/3] test httpoxy workaround
---
 spec/defines/resource_location_spec.rb | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/spec/defines/resource_location_spec.rb b/spec/defines/resource_location_spec.rb
index 48e4a4b..8b4eb06 100644
--- a/spec/defines/resource_location_spec.rb
+++ b/spec/defines/resource_location_spec.rb
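Review bot: In templates/vhost/fastcgi_params.erb the new comment gives only a link, so a reader of the generated file cannot tell what the empty value is for if the anchor ever moves; I would state the mechanism, e.g. `# httpoxy: blank the variable built from a client "Proxy" request header so the backend never sees it as HTTP_PROXY`. The override also reaches only locations that include this generated file. If the module lets a location point at a different params file (not visible in this hunk), that path is not covered and the documentation should say so.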
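Review bot: The `'Proxy ""'` entry in manifests/config.pp lives only in a parameter default, so any caller that supplies its own header list replaces the whole array and silently drops the httpoxy mitigation. The parameter name sits above the hunk (presumably `$proxy_set_header`, going by the commit subject). nginx also stops inheriting `proxy_set_header` from outer levels once a level defines its own, so per-location overrides are affected the same way. Either have the proxy template emit `proxy_set_header Proxy "";` unconditionally, or document on the parameter that overrides must keep `'Proxy ""'`.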
@@ -510,6 +510,14 @@ describe 'nginx::resource::location' do
 with_content(%r|fastcgi_param\s+CUSTOM_PARAM2\s+value2;|)
 end
 end
+
+ context "when fastcgi_param is {'HTTP_PROXY' => '""'}" do
+ let :params do default_params.merge({ :fastcgi_param => {'HTTP_PROXY' => '""'} }) end
+ it "should set fastcgi_param" do
+ should contain_concat__fragment("vhost1-500-" + Digest::MD5.hexdigest("#{params[:location]}")).
+ with_content(%r|fastcgi_param\s+HTTP_PROXY\s+"";|)
+ end
+ end
 context "when fastcgi_param is not set" do
 let :params do default_params end
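Review bot: The new context in spec/defines/resource_location_spec.rb passes `'HTTP_PROXY' => '""'` in `:fastcgi_param` itself, so it only proves that a user-supplied parameter is rendered; it would still pass with patches 1/3 and 2/3 reverted. To guard the mitigation, assert on default behaviour instead: that the generated fastcgi_params content contains `fastcgi_param HTTP_PROXY "";`, and that a proxy location built from `default_params` contains the `Proxy ""` header line. The example title `"should set fastcgi_param"` could also name the intent, e.g. `"should blank HTTP_PROXY (httpoxy)"`. The enclosing `describe` block starts and ends outside the hunk.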