aboutsummaryrefslogtreecommitdiffhomepage
path: root/modules/caddyhttp/reverseproxy/reverseproxy.go
diff options
context:
space:
mode:
Diffstat (limited to 'modules/caddyhttp/reverseproxy/reverseproxy.go')
-rw-r--r--modules/caddyhttp/reverseproxy/reverseproxy.go12
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/caddyhttp/reverseproxy/reverseproxy.go b/modules/caddyhttp/reverseproxy/reverseproxy.go
index 1a559e5dd..4f97edead 100644
--- a/modules/caddyhttp/reverseproxy/reverseproxy.go
+++ b/modules/caddyhttp/reverseproxy/reverseproxy.go
@@ -605,6 +605,18 @@ func (h Handler) prepareRequest(req *http.Request, repl *caddy.Replacer) (*http.
req.Header.Set("User-Agent", "")
}
+ // Indicate if request has been conveyed in early data.
+ // RFC 8470: "An intermediary that forwards a request prior to the
+ // completion of the TLS handshake with its client MUST send it with
+ // the Early-Data header field set to “1” (i.e., it adds it if not
+ // present in the request). An intermediary MUST use the Early-Data
+ // header field if the request might have been subject to a replay and
+ // might already have been forwarded by it or another instance
+ // (see Section 6.2)."
+ if req.TLS != nil && !req.TLS.HandshakeComplete {
+ req.Header.Set("Early-Data", "1")
+ }
+
reqUpType := upgradeType(req.Header)
removeConnectionHeaders(req.Header)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-26 01:36:14 +0000