From: Jim Jagielski <jim@apache.org>
Date: Mon, 8 Oct 2007 12:47:12 +0000 (+0000)
Subject: Merge r580044, r580465 from trunk:
X-Git-Tag: 2.2.7~333
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0768a06a703389421fc70f8d5b24848613e8ea40;p=thirdparty%2Fapache%2Fhttpd.git

Merge r580044, r580465 from trunk:

Strip hop-by-hop headers in proxy response


Fix typo in header name "Trailer"

Submitted by: niq
Reviewed by: jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@582807 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index e98bf38eca2..fb511761ce6 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                         -*- coding: utf-8 -*-
 Changes with Apache 2.2.7
 
+  *) mod_proxy_http: strip hop-by-hop response headers
+     PR 43455 [Nick Kew]
+
   *) mod_proxy: Don't by default violate RFC2616 by setting
      Max-Forwards when the client didn't send it to us.
      Leave that as a configuration option.
diff --git a/STATUS b/STATUS
index 30fcde1b390..cf8f735c8c1 100644
--- a/STATUS
+++ b/STATUS
@@ -79,11 +79,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_proxy_http: strip hop-by-hop response headers
-     PR 43455
-     http://svn.apache.org/viewvc?view=rev&revision=580044
-     http://svn.apache.org/viewvc?view=rev&revision=580465
-     +1: niq, rpluem, jim
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/modules/proxy/mod_proxy_http.c b/modules/proxy/mod_proxy_http.c
index 9617be8c3b0..cc1d8ce7f7c 100644
--- a/modules/proxy/mod_proxy_http.c
+++ b/modules/proxy/mod_proxy_http.c
@@ -1235,6 +1235,9 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
     int pread_len = 0;
     apr_table_t *save_table;
     int backend_broke = 0;
+    static const char *hop_by_hop_hdrs[] =
+        {"Keep-Alive", "Proxy-Authenticate", "TE", "Trailer", "Upgrade", NULL};
+    int i;
 
     bb = apr_brigade_create(p, c->bucket_alloc);
 
@@ -1375,6 +1378,11 @@ apr_status_t ap_proxy_http_process_response(apr_pool_t * p, request_rec *r,
             }
             ap_proxy_pre_http_request(origin,rp);
 
+            /* Clear hop-by-hop headers */
+            for (i=0; hop_by_hop_hdrs[i]; ++i) {
+                apr_table_unset(r->headers_out, hop_by_hop_hdrs[i]);
+            }
+
             /* handle Via header in response */
             if (conf->viaopt != via_off && conf->viaopt != via_block) {
                 const char *server_name = ap_get_server_name(r);