QGIS Server: unable to calculate service URL if X-Forwarded-Proto has more than one value #64940
Description
What is the bug or the crash?
QGIS Server calculates the service URL using a well defined sequence of steps.
If X-Forwarded-Host and X-Forwarded-Proto headers are defined, the service URL is calculated based on those.
Current service URL calculation
If X-Forwarded-Proto header has multiple values, the calculation fails and no service URL is provided (even if Host and X-Forwarded-Host are present).
Example headers received:
11:38:17 INFO Server[200531]: HTTP HEADER Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
11:38:17 INFO Server[200531]: HTTP HEADER Host: visualizador-idea.ambiente.azores.gov.pt
11:38:17 INFO Server[200531]: HTTP HEADER User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:147.0) Gecko/20100101 Firefox/147.0
11:38:17 INFO Server[200531]: HTTP HEADER X-Forwarded-For: 2a12:26c0:4003:f800:fa6:20cc:a30e:1285
11:38:17 INFO Server[200531]: HTTP HEADER X-Forwarded-Host: visualizador-idea.ambiente.azores.gov.pt
11:38:17 INFO Server[200531]: HTTP HEADER X-Forwarded-Proto: https, https, HTTPS
The capabilities document from this request shows an empty service URL.
<ows:OperationsMetadata>
<ows:Operation name="GetCapabilities">
<ows:DCP>
<ows:HTTP>
<ows:Get xlink:href=""/>
<ows:Post xlink:href=""/>
</ows:HTTP>
</ows:DCP>
<ows:Parameter name="service">
<ows:Value>WFS</ows:Value>
</ows:Parameter>
<ows:Parameter name="AcceptVersions">
<ows:Value>1.1.0</ows:Value>
<ows:Value>1.0.0</ows:Value>
</ows:Parameter>
<ows:Parameter name="AcceptFormats">
<ows:Value>text/xml</ows:Value>
</ows:Parameter>
</ows:Operation>
<ows:Operation name="DescribeFeatureType">
<ows:DCP>
<ows:HTTP>
</ows:HTTP>
</ows:DCP>
<ows:Parameter name="outputFormat">
<ows:Value>XMLSCHEMA</ows:Value>
<ows:Value>text/xml; subtype=gml/2.1.2</ows:Value>
<ows:Value>text/xml; subtype=gml/3.1.1</ows:Value>
</ows:Parameter>
</ows:Operation>
<ows:Operation name="GetFeature">
<ows:DCP>
<ows:HTTP>
<ows:Get xlink:href=""/>
<ows:Post xlink:href=""/>
</ows:HTTP>
</ows:DCP>
<ows:Parameter name="outputFormat">
<ows:Value>text/xml; subtype=gml/2.1.2</ows:Value>
<ows:Value>text/xml; subtype=gml/3.1.1</ows:Value>
<ows:Value>application/vnd.geo+json</ows:Value>
</ows:Parameter>
<ows:Parameter name="resultType">
<ows:Value>results</ows:Value>
<ows:Value>hits</ows:Value>
</ows:Parameter>
</ows:Operation>
<ows:Operation name="Transaction">
<ows:DCP>
<ows:HTTP>
<ows:Get xlink:href=""/>
<ows:Post xlink:href=""/>
</ows:HTTP>
</ows:DCP>
<ows:Parameter name="inputFormat">
<ows:Value>text/xml; subtype=gml/2.1.2</ows:Value>
<ows:Value>text/xml; subtype=gml/3.1.1</ows:Value>
<ows:Value>application/vnd.geo+json</ows:Value>
</ows:Parameter>
</ows:Operation>The problem
If X-Forwarded-Proto header has multiple values, the service URL in the capabilities is empty.
Usually X-Forwarded-Proto header has just one value, like httpor https. But X-Forwarded-Proto can have multiple values, when more than one proxy is used between the client and QGIS Server. Forward proxies like F5 or nginx can append the proto value to the X-Forwarded-Proto header.
This QGIS Server limitation was detected when running QGIS Server behind Cloudflare + F5 WAF + nginx. All the service URLs were empty.
PR is under preparation.
Steps to reproduce the issue
Not easy to reproduce.
Versions
Current master
Supported QGIS version
- I'm running a supported QGIS version according to the roadmap.
New profile
- I tried with a new QGIS profile
Additional context
No response