Support X-Forwarded-Port (#7070)

* support for the X-Forwarded-Prefix header

* remove comments

* refactoring

* refactoring

* path.Clean

* support X-Forwarded-Port

* Update weed/s3api/auth_signature_v4.go

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* Update weed/s3api/auto_signature_v4_test.go

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

* more tests

---------

Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Chris Lu
2025-08-01 15:45:34 -07:00
committed by GitHub
parent fd447465c2
commit 3d4e8409a5
2 changed files with 105 additions and 1 deletions


@@ -490,7 +490,16 @@ func extractSignedHeaders(signedHeaders []string, r *http.Request) (http.Header,
func extractHostHeader(r *http.Request) string {
// Check for X-Forwarded-Host header first, which is set by reverse proxies
if forwardedHost := r.Header.Get("X-Forwarded-Host"); forwardedHost != "" {
// Using reverse proxy with X-Forwarded-Host.
// Check if reverse proxy also forwarded the port
if forwardedPort := r.Header.Get("X-Forwarded-Port"); forwardedPort != "" {
// Determine the protocol to check for standard ports
proto := r.Header.Get("X-Forwarded-Proto")
// Only add port if it's not the standard port for the protocol
if (proto == "https" && forwardedPort != "443") || (proto != "https" && forwardedPort != "80") {
return forwardedHost + ":" + forwardedPort
}
}
// Using reverse proxy with X-Forwarded-Host (standard port or no port forwarded).
return forwardedHost
}
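Review bot: The new `return forwardedHost + ":" + forwardedPort` joins two request-supplied header values without validating either, so an X-Forwarded-Host that already carries a port becomes `host:8080:8080`, and a non-numeric X-Forwarded-Port flows unchanged into the host string that, going by the commit message's file path, feeds SigV4 verification. I would return early when the host already has a port, `if _, _, err := net.SplitHostPort(forwardedHost); err == nil { return forwardedHost }`, and only append a port that passes `strconv.ParseUint(forwardedPort, 10, 16)`; both need their imports if the file lacks them. A missing X-Forwarded-Proto is treated as http in the `proto != "https"` branch, so a TLS-terminating proxy that forwards only the port gets `:443` appended; either document that assumption in a comment or fall back to `r.TLS != nil`. Nothing visible in this hunk restricts these headers to requests from a trusted proxy, though extractHostHeader's body continues outside the hunk and the check may live elsewhere.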