Fix req.protocol/req.secure when using "trust proxy" hops count

fixes #2569
closes #2570

Author: Paul Serby

History.md

@@ -1,3 +1,8 @@
+3.x
+===
+
+  * Fix `req.protocol`/`req.secure` when using "trust proxy" hops count
+
 3.20.0 / 2015-02-18
 ===================
 

lib/request.js

@@ -358,7 +358,7 @@ req.__defineGetter__('protocol', function(){
     : 'http';
   var trust = this.app.get('trust proxy fn');
 
-  if (!trust(this.connection.remoteAddress)) {
+  if (!trust(this.connection.remoteAddress, 0)) {
     return proto;
   }
 

test/req.protocol.js

@@ -75,6 +75,23 @@ describe('req', function(){
         .get('/')
         .expect('http', done);
       })
+
+      describe('when trusting hop count', function () {
+        it('should respect X-Forwarded-Proto', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.use(function (req, res) {
+            res.end(req.protocol);
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-Proto', 'https')
+          .expect('https', done);
+        })
+      })
     })
 
     describe('when "trust proxy" is disabled', function(){

test/req.secure.js

@@ -78,6 +78,23 @@ describe('req', function(){
         .set('X-Forwarded-Proto', 'https, http')
         .expect('yes', done)
       })
+
+      describe('when "trust proxy" trusting hop count', function () {
+        it('should respect X-Forwarded-Proto', function (done) {
+          var app = express();
+
+          app.set('trust proxy', 1);
+
+          app.get('/', function (req, res) {
+            res.send(req.secure ? 'yes' : 'no');
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-Proto', 'https')
+          .expect('yes', done)
+        })
+      })
     })
   })
 })