From 950fae2fcb81a540d5b0ddc1f63e256bcc2eb192 Mon Sep 17 00:00:00 2001
From: xiaodongyu <xiaodongyu@yangqianguan.com>
Date: Tue, 19 Apr 2022 23:46:55 +0800
Subject: [PATCH] [fix] do not append XHeader values

---
 lib/http-proxy/passes/web-incoming.js         | 10 ++++----
 lib/http-proxy/passes/ws-incoming.js          |  8 +++----
 package.json                                  |  2 +-
 ...lib-http-proxy-passes-web-incoming-test.js | 21 ++++++++++++++++
 .../lib-http-proxy-passes-ws-incoming-test.js | 24 ++++++++++++++++++-
 5 files changed, 54 insertions(+), 11 deletions(-)

diff --git a/lib/http-proxy/passes/web-incoming.js b/lib/http-proxy/passes/web-incoming.js
index 7ae735514..07976f8ee 100644
--- a/lib/http-proxy/passes/web-incoming.js
+++ b/lib/http-proxy/passes/web-incoming.js
@@ -56,7 +56,7 @@ module.exports = {
   },
 
   /**
-   * Sets `x-forwarded-*` headers if specified in config.
+   * Sets `x-forwarded-*` headers if specified in config and there's none.
    *
    * @param {ClientRequest} Req Request object
    * @param {IncomingMessage} Res Response object
@@ -76,10 +76,10 @@ module.exports = {
     };
 
     ['for', 'port', 'proto'].forEach(function(header) {
-      req.headers['x-forwarded-' + header] =
-        (req.headers['x-forwarded-' + header] || '') +
-        (req.headers['x-forwarded-' + header] ? ',' : '') +
-        values[header];
+      var headerName = 'x-forwarded-' + header;
+      if (!req.headers[headerName]) {
+          req.headers[headerName] = values[header];
+      }
     });
 
     req.headers['x-forwarded-host'] = req.headers['x-forwarded-host'] || req.headers['host'] || '';
diff --git a/lib/http-proxy/passes/ws-incoming.js b/lib/http-proxy/passes/ws-incoming.js
index 270f23f45..1a7e24f88 100644
--- a/lib/http-proxy/passes/ws-incoming.js
+++ b/lib/http-proxy/passes/ws-incoming.js
@@ -59,10 +59,10 @@ module.exports = {
     };
 
     ['for', 'port', 'proto'].forEach(function(header) {
-      req.headers['x-forwarded-' + header] =
-        (req.headers['x-forwarded-' + header] || '') +
-        (req.headers['x-forwarded-' + header] ? ',' : '') +
-        values[header];
+      var headerName = 'x-forwarded-' + header;
+      if (!req.headers[headerName]) {
+          req.headers[headerName] = values[header];
+      }
     });
   },
 
diff --git a/package.json b/package.json
index 9fe81a26d..9edd4a32a 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "http-proxy",
-  "version": "1.18.1",
+  "version": "1.18.2",
   "repository": {
     "type": "git",
     "url": "https://github.com/http-party/node-http-proxy.git"
diff --git a/test/lib-http-proxy-passes-web-incoming-test.js b/test/lib-http-proxy-passes-web-incoming-test.js
index f6553d300..43bad81b8 100644
--- a/test/lib-http-proxy-passes-web-incoming-test.js
+++ b/test/lib-http-proxy-passes-web-incoming-test.js
@@ -69,6 +69,27 @@ describe('lib/http-proxy/passes/web.js', function() {
       expect(stubRequest.headers['x-forwarded-port']).to.be('8080');
       expect(stubRequest.headers['x-forwarded-proto']).to.be('http');
     });
+
+    it('do not change the x-forwarded-* header values if already exist on req.headers', function () {
+      var stubRequest = {
+        connection: {
+          remoteAddress: '192.168.1.2',
+          remotePort: '8080'
+        },
+        headers: {
+          host: '192.168.1.2:8080',
+          'x-forwarded-host': '192.168.1.3:8081',
+          'x-forwarded-for': '192.168.1.3',
+          'x-forwarded-port': '8081',
+          'x-forwarded-proto': 'https'
+        }
+      };
+      webPasses.XHeaders(stubRequest, {}, { xfwd: true });
+      expect(stubRequest.headers['x-forwarded-for']).to.be('192.168.1.3');
+      expect(stubRequest.headers['x-forwarded-port']).to.be('8081');
+      expect(stubRequest.headers['x-forwarded-proto']).to.be('https');
+      expect(stubRequest.headers['x-forwarded-host']).to.be('192.168.1.3:8081');
+    });
   });
 });
 
diff --git a/test/lib-http-proxy-passes-ws-incoming-test.js b/test/lib-http-proxy-passes-ws-incoming-test.js
index bfed888c0..f18e6d42f 100644
--- a/test/lib-http-proxy-passes-ws-incoming-test.js
+++ b/test/lib-http-proxy-passes-ws-incoming-test.js
@@ -9,7 +9,7 @@ describe('lib/http-proxy/passes/ws-incoming.js', function () {
         method: 'DELETE',
         headers: {}
       },
-      stubSocket = { 
+      stubSocket = {
         destroy: function () {
           // Simulate Socket.destroy() method when call
           destroyCalled = true;
@@ -116,5 +116,27 @@ describe('lib/http-proxy/passes/ws-incoming.js', function () {
       expect(stubRequest.headers['x-forwarded-port']).to.be('8181');
       expect(stubRequest.headers['x-forwarded-proto']).to.be('wss');
     });
+
+    it('do not change the x-forwarded-* header values if already exist on req.headers', function () {
+      var stubRequest = {
+        socket: {
+          remoteAddress: '192.168.1.3',
+          remotePort: '8181'
+        },
+        connection: {
+          pair: true
+        },
+        headers: {
+          host: '192.168.1.3:8181',
+          'x-forwarded-for': '192.168.1.2',
+          'x-forwarded-port': '8182',
+          'x-forwarded-proto': 'ws'
+        }
+      };
+      httpProxy.XHeaders(stubRequest, {}, { xfwd: true });
+      expect(stubRequest.headers['x-forwarded-for']).to.be('192.168.1.2');
+      expect(stubRequest.headers['x-forwarded-port']).to.be('8182');
+      expect(stubRequest.headers['x-forwarded-proto']).to.be('ws');
+    });
   });
 });