Add support for multiple proxy servers in HTTP_X_FORWARDED_HOST. Closes #3397

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@3412 5ecf4fe2-1ee6-0310-87b1-e25e094e27de

3 files changed, 13 insertions, 1 deletions

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index 0e94b9198f..3345998626 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Add support for multiple proxy servers to CgiRequest#host [gaetanot@comcast.net]
+
 * Documentation typo fix. #2367 [Blair Zajac]
 
 * Remove Upload Progress. #2871 [Sean Treadway]
diff --git a/actionpack/lib/action_controller/cgi_process.rb b/actionpack/lib/action_controller/cgi_process.rb
index 812899b327..1690f0bb58 100644
--- a/actionpack/lib/action_controller/cgi_process.rb
+++ b/actionpack/lib/action_controller/cgi_process.rb
@@ -79,7 +79,13 @@ module ActionController #:nodoc:
     end
 
     def host
-      env["HTTP_X_FORWARDED_HOST"] || ($1 if env['HTTP_HOST'] && /^(.*):\d+$/ =~ env['HTTP_HOST']) || @cgi.host.to_s.split(":").first || ''
+      if env["HTTP_X_FORWARDED_HOST"] 
+        env["HTTP_X_FORWARDED_HOST"].split(/,\s?/).last
+      elsif env['HTTP_HOST'] =~ /^(.*):\d+$/
+        $1
+      else 
+        @cgi.host.to_s.split(":").first || ''
+      end 
     end
     
     def port
diff --git a/actionpack/test/controller/cgi_test.rb b/actionpack/test/controller/cgi_test.rb
index bcfb8b96a0..a38f2519ec 100755
--- a/actionpack/test/controller/cgi_test.rb
+++ b/actionpack/test/controller/cgi_test.rb
@@ -327,6 +327,10 @@ class CGIRequestTest < Test::Unit::TestCase
     @request_hash.delete "HTTP_X_FORWARDED_HOST"
     @request_hash['HTTP_HOST'] = "rubyonrails.org:8080"
     assert_equal "rubyonrails.org:8080", @request.host_with_port
+    
+    @request_hash['HTTP_X_FORWARDED_HOST'] = "www.firsthost.org, www.secondhost.org"
+    assert_equal "www.secondhost.org", @request.host
+    
   end
   
   def test_cookie_syntax_resilience