Update HTTPS server variable in ProxyHeaderModule

twsouthwick · twsouthwick · commit d78c437d0412 · 2022-07-21T15:46:54.000-07:00
We were updating SERVER_PROTOCOL which is not used in IIS for HTTP/HTTPS, but rather the version of HTTP. Instead, we need to update the HTTPS server variable.
diff --git a/src/Microsoft.AspNetCore.SystemWebAdapters/Adapters/ForwardedHost.Shared.cs b/src/Microsoft.AspNetCore.SystemWebAdapters/Adapters/ForwardedHost.Shared.cs
@@ -12,19 +12,23 @@ namespace Microsoft.AspNetCore.SystemWebAdapters;
 
 internal readonly struct ForwardedHost
 {
+    private readonly int? _port;
+
     public ForwardedHost(string host, string? proto)
     {
         var hostString = HostString.FromUriComponent(host);
 
+        IsSecure = string.Equals("https", proto, StringComparison.OrdinalIgnoreCase);
         ServerName = hostString.Host;
-        Port = hostString.Port is int p ? p : GetDefaultPort(proto);
+        _port = hostString.Port;
     }
 
-    private static int GetDefaultPort(string? proto)
-        => string.Equals("https", proto, StringComparison.OrdinalIgnoreCase) ? 443 : 80;
+    private int DefaultPort => IsSecure ? 443 : 80;
+
+    public bool IsSecure { get; }
 
     public string ServerName { get; }
 
-    public int Port { get; }
+    public int Port => _port is int port ? port : DefaultPort;
 }
 #endif
diff --git a/src/Microsoft.AspNetCore.SystemWebAdapters/Adapters/ProxyHeaderModule.Framework.cs b/src/Microsoft.AspNetCore.SystemWebAdapters/Adapters/ProxyHeaderModule.Framework.cs
@@ -9,12 +9,15 @@
 
 namespace Microsoft.AspNetCore.SystemWebAdapters;
 
+/// <summary>
+/// Updates server and request variables based on proxy headers. See https://docs.microsoft.com/en-us/iis/web-dev-reference/server-variables for reference on what server variables should be used.
+/// </summary>
 internal class ProxyHeaderModule : IHttpModule
 {
     private const string Host = "Host";
+    private const string ServerHttps = "HTTPS";
     private const string ServerName = "SERVER_NAME";
     private const string ServerPort = "SERVER_PORT";
-    private const string ServerProtocol = "SERVER_PROTOCOL";
     private const string ForwardedProto = "x-forwarded-proto";
     private const string ForwardedHost = "x-forwarded-host";
 
@@ -71,26 +74,25 @@ public void UseHeaders(NameValueCollection requestHeaders, NameValueCollection s
 
             serverVariables.Set(ServerName, value.ServerName);
             serverVariables.Set(ServerPort, value.Port.ToString(CultureInfo.InvariantCulture));
+            serverVariables.Set(ServerHttps, value.IsSecure ? "YES" : "NO");
 
             requestHeaders[Host] = host;
         }
-
-        if (proto is { })
-        {
-            serverVariables.Set(ServerProtocol, proto);
-        }
     }
 
     private void UseOptions(NameValueCollection requestHeaders, NameValueCollection serverVariables)
     {
         UseForwardedFor(requestHeaders, serverVariables);
 
+        var serverHttps = string.Equals("https", _options.Scheme, StringComparison.OrdinalIgnoreCase) ? "ON" : "OFF";
+
         serverVariables.Set(ServerName, _options.ServerName);
         serverVariables.Set(ServerPort, _options.ServerPortString);
-        serverVariables.Set(ServerProtocol, _options.Scheme);
+        serverVariables.Set(ServerHttps, serverHttps);
         requestHeaders[Host] = _options.ServerHostString;
     }
 
+
     private static void UseForwardedFor(NameValueCollection requestHeaders, NameValueCollection serverVariables)
     {
         if (requestHeaders["x-forwarded-for"] is { } remote)
diff --git a/test/Microsoft.AspNetCore.SystemWebAdapters.Framework.Tests/ProxyHeaderModuleTests.cs b/test/Microsoft.AspNetCore.SystemWebAdapters.Framework.Tests/ProxyHeaderModuleTests.cs
@@ -17,6 +17,9 @@ public class ProxyHeaderModuleTests
     private const string RemoteHost = "REMOTE_HOST";
     private const string ServerName = "SERVER_NAME";
     private const string ServerPort = "SERVER_PORT";
+    private const string ServerHttps = "HTTPS";
+    private const string Yes = "YES";
+    private const string No = "NO";
 
     [Fact]
     public void NoHeaderChange()
@@ -57,6 +60,7 @@ public void HostWithPortNoProto()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("localhost:81", requestHeaders[Host]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(No, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -81,6 +85,7 @@ public void HostWithNoPortNoProto()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("localhost", requestHeaders[Host]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(No, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -106,6 +111,7 @@ public void HostWithNoPortHttp()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("localhost", requestHeaders[Host]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(No, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -132,6 +138,7 @@ public void HostAlreadySet()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("localhost", requestHeaders[Host]);
         Assert.Equal("localhost2:90", requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(No, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -157,6 +164,7 @@ public void HostWithNoPortHttps()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("localhost", requestHeaders[Host]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(Yes, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -182,6 +190,7 @@ public void IPv6NoPort()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("::1", requestHeaders[Host]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(Yes, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -207,6 +216,7 @@ public void IPv6WithPort()
         Assert.Null(serverVariables[RemoteHost]);
         Assert.Equal("[::1]:81", requestHeaders[Host]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);
+        Assert.Equal(Yes, serverVariables[ServerHttps]);
     }
 
     [Fact]
@@ -230,6 +240,7 @@ public void ForwardedForSet()
         Assert.Null(requestHeaders[Host]);
         Assert.Null(serverVariables[ServerName]);
         Assert.Null(serverVariables[ServerPort]);
+        Assert.Null(serverVariables[ServerHttps]);
         Assert.Equal(ForwardedForValue, serverVariables[RemoteAddress]);
         Assert.Equal(ForwardedForValue, serverVariables[RemoteHost]);
         Assert.Null(requestHeaders[options.OriginalHostHeaderName]);

Original file line number	Diff line number	Diff line change
`@@ -12,19 +12,23 @@ namespace Microsoft.AspNetCore.SystemWebAdapters;`
`12`	`12`
`13`	`13`	`internal readonly struct ForwardedHost`
`14`	`14`	`{`
	`15`	`+ private readonly int? _port;`
	`16`	`+`
`15`	`17`	`public ForwardedHost(string host, string? proto)`
`16`	`18`	`{`
`17`	`19`	`var hostString = HostString.FromUriComponent(host);`
`18`	`20`
	`21`	`+ IsSecure = string.Equals("https", proto, StringComparison.OrdinalIgnoreCase);`
`19`	`22`	`ServerName = hostString.Host;`
`20`		`- Port = hostString.Port is int p ? p : GetDefaultPort(proto);`
	`23`	`+ _port = hostString.Port;`
`21`	`24`	`}`
`22`	`25`
`23`		`- private static int GetDefaultPort(string? proto)`
`24`		`- => string.Equals("https", proto, StringComparison.OrdinalIgnoreCase) ? 443 : 80;`
	`26`	`+ private int DefaultPort => IsSecure ? 443 : 80;`
	`27`	`+`
	`28`	`+ public bool IsSecure { get; }`
`25`	`29`
`26`	`30`	`public string ServerName { get; }`
`27`	`31`
`28`		`- public int Port { get; }`
	`32`	`+ public int Port => _port is int port ? port : DefaultPort;`
`29`	`33`	`}`
`30`	`34`	`#endif`