RubyGems - rack - Versions diffs - 2.0.9.3 → 2.2.6.4 - Mend

rack 2.0.9.3 → 2.2.6.4

Potentially problematic release.

This version of rack might be problematic. Click here for more details.

Files changed (191) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +735 -0
data/CONTRIBUTING.md +136 -0
data/{COPYING → MIT-LICENSE} +4 -2
data/README.rdoc +151 -147
data/Rakefile +37 -23
data/{SPEC → SPEC.rdoc} +35 -10
data/bin/rackup +1 -0
data/example/lobster.ru +2 -0
data/example/protectedlobster.rb +3 -1
data/example/protectedlobster.ru +2 -0
data/lib/rack/auth/abstract/handler.rb +3 -1
data/lib/rack/auth/abstract/request.rb +1 -1
data/lib/rack/auth/basic.rb +7 -4
data/lib/rack/auth/digest/md5.rb +13 -11
data/lib/rack/auth/digest/nonce.rb +6 -3
data/lib/rack/auth/digest/params.rb +4 -2
data/lib/rack/auth/digest/request.rb +5 -3
data/lib/rack/body_proxy.rb +15 -14
data/lib/rack/builder.rb +116 -23
data/lib/rack/cascade.rb +28 -12
data/lib/rack/chunked.rb +68 -20
data/lib/rack/common_logger.rb +33 -25
data/lib/rack/conditional_get.rb +20 -16
data/lib/rack/config.rb +2 -0
data/lib/rack/content_length.rb +8 -7
data/lib/rack/content_type.rb +5 -4
data/lib/rack/core_ext/regexp.rb +14 -0
data/lib/rack/deflater.rb +59 -34
data/lib/rack/directory.rb +84 -64
data/lib/rack/etag.rb +7 -4
data/lib/rack/events.rb +19 -20
data/lib/rack/file.rb +4 -173
data/lib/rack/files.rb +218 -0
data/lib/rack/handler/cgi.rb +2 -3
data/lib/rack/handler/fastcgi.rb +4 -4
data/lib/rack/handler/lsws.rb +3 -3
data/lib/rack/handler/scgi.rb +9 -8
data/lib/rack/handler/thin.rb +3 -3
data/lib/rack/handler/webrick.rb +15 -6
data/lib/rack/handler.rb +7 -2
data/lib/rack/head.rb +1 -1
data/lib/rack/lint.rb +71 -25
data/lib/rack/lobster.rb +10 -10
data/lib/rack/lock.rb +2 -1
data/lib/rack/logger.rb +2 -0
data/lib/rack/media_type.rb +10 -5
data/lib/rack/method_override.rb +5 -3
data/lib/rack/mime.rb +9 -1
data/lib/rack/mock.rb +97 -20
data/lib/rack/multipart/generator.rb +17 -13
data/lib/rack/multipart/parser.rb +53 -56
data/lib/rack/multipart/uploaded_file.rb +15 -7
data/lib/rack/multipart.rb +4 -2
data/lib/rack/null_logger.rb +2 -0
data/lib/rack/query_parser.rb +59 -30
data/lib/rack/recursive.rb +7 -5
data/lib/rack/reloader.rb +8 -4
data/lib/rack/request.rb +222 -63
data/lib/rack/response.rb +127 -44
data/lib/rack/rewindable_input.rb +4 -3
data/lib/rack/runtime.rb +6 -4
data/lib/rack/sendfile.rb +13 -9
data/lib/rack/server.rb +95 -24
data/lib/rack/session/abstract/id.rb +34 -21
data/lib/rack/session/cookie.rb +11 -12
data/lib/rack/session/memcache.rb +4 -93
data/lib/rack/session/pool.rb +5 -3
data/lib/rack/show_exceptions.rb +21 -17
data/lib/rack/show_status.rb +9 -9
data/lib/rack/static.rb +23 -11
data/lib/rack/tempfile_reaper.rb +1 -1
data/lib/rack/urlmap.rb +13 -7
data/lib/rack/utils.rb +105 -111
data/lib/rack/version.rb +29 -0
data/lib/rack.rb +67 -73
data/rack.gemspec +40 -28
metadata +39 -182
data/HISTORY.md +0 -520
data/test/builder/an_underscore_app.rb +0 -5
data/test/builder/anything.rb +0 -5
data/test/builder/comment.ru +0 -4
data/test/builder/end.ru +0 -5
data/test/builder/line.ru +0 -1
data/test/builder/options.ru +0 -2
data/test/cgi/assets/folder/test.js +0 -1
data/test/cgi/assets/fonts/font.eot +0 -1
data/test/cgi/assets/images/image.png +0 -1
data/test/cgi/assets/index.html +0 -1
data/test/cgi/assets/javascripts/app.js +0 -1
data/test/cgi/assets/stylesheets/app.css +0 -1
data/test/cgi/lighttpd.conf +0 -26
data/test/cgi/rackup_stub.rb +0 -6
data/test/cgi/sample_rackup.ru +0 -5
data/test/cgi/test +0 -9
data/test/cgi/test+directory/test+file +0 -1
data/test/cgi/test.fcgi +0 -9
data/test/cgi/test.gz +0 -0
data/test/cgi/test.ru +0 -5
data/test/gemloader.rb +0 -10
data/test/helper.rb +0 -34
data/test/multipart/bad_robots +0 -259
data/test/multipart/binary +0 -0
data/test/multipart/content_type_and_no_filename +0 -6
data/test/multipart/empty +0 -10
data/test/multipart/fail_16384_nofile +0 -814
data/test/multipart/file1.txt +0 -1
data/test/multipart/filename_and_modification_param +0 -7
data/test/multipart/filename_and_no_name +0 -6
data/test/multipart/filename_with_encoded_words +0 -7
data/test/multipart/filename_with_escaped_quotes +0 -6
data/test/multipart/filename_with_escaped_quotes_and_modification_param +0 -7
data/test/multipart/filename_with_null_byte +0 -7
data/test/multipart/filename_with_percent_escaped_quotes +0 -6
data/test/multipart/filename_with_single_quote +0 -7
data/test/multipart/filename_with_unescaped_percentages +0 -6
data/test/multipart/filename_with_unescaped_percentages2 +0 -6
data/test/multipart/filename_with_unescaped_percentages3 +0 -6
data/test/multipart/filename_with_unescaped_quotes +0 -6
data/test/multipart/ie +0 -6
data/test/multipart/invalid_character +0 -6
data/test/multipart/mixed_files +0 -21
data/test/multipart/nested +0 -10
data/test/multipart/none +0 -9
data/test/multipart/quoted +0 -15
data/test/multipart/rack-logo.png +0 -0
data/test/multipart/semicolon +0 -6
data/test/multipart/text +0 -15
data/test/multipart/three_files_three_fields +0 -31
data/test/multipart/unity3d_wwwform +0 -11
data/test/multipart/webkit +0 -32
data/test/rackup/config.ru +0 -31
data/test/registering_handler/rack/handler/registering_myself.rb +0 -8
data/test/spec_auth_basic.rb +0 -89
data/test/spec_auth_digest.rb +0 -260
data/test/spec_body_proxy.rb +0 -85
data/test/spec_builder.rb +0 -233
data/test/spec_cascade.rb +0 -63
data/test/spec_cgi.rb +0 -84
data/test/spec_chunked.rb +0 -103
data/test/spec_common_logger.rb +0 -107
data/test/spec_conditional_get.rb +0 -103
data/test/spec_config.rb +0 -23
data/test/spec_content_length.rb +0 -86
data/test/spec_content_type.rb +0 -46
data/test/spec_deflater.rb +0 -375
data/test/spec_directory.rb +0 -148
data/test/spec_etag.rb +0 -108
data/test/spec_events.rb +0 -133
data/test/spec_fastcgi.rb +0 -85
data/test/spec_file.rb +0 -264
data/test/spec_handler.rb +0 -57
data/test/spec_head.rb +0 -46
data/test/spec_lint.rb +0 -520
data/test/spec_lobster.rb +0 -59
data/test/spec_lock.rb +0 -204
data/test/spec_logger.rb +0 -24
data/test/spec_media_type.rb +0 -42
data/test/spec_method_override.rb +0 -110
data/test/spec_mime.rb +0 -51
data/test/spec_mock.rb +0 -359
data/test/spec_multipart.rb +0 -721
data/test/spec_null_logger.rb +0 -21
data/test/spec_recursive.rb +0 -75
data/test/spec_request.rb +0 -1423
data/test/spec_response.rb +0 -528
data/test/spec_rewindable_input.rb +0 -128
data/test/spec_runtime.rb +0 -50
data/test/spec_sendfile.rb +0 -125
data/test/spec_server.rb +0 -193
data/test/spec_session_abstract_id.rb +0 -31
data/test/spec_session_abstract_session_hash.rb +0 -45
data/test/spec_session_cookie.rb +0 -442
data/test/spec_session_memcache.rb +0 -357
data/test/spec_session_persisted_secure_secure_session_hash.rb +0 -73
data/test/spec_session_pool.rb +0 -247
data/test/spec_show_exceptions.rb +0 -93
data/test/spec_show_status.rb +0 -104
data/test/spec_static.rb +0 -184
data/test/spec_tempfile_reaper.rb +0 -64
data/test/spec_thin.rb +0 -96
data/test/spec_urlmap.rb +0 -237
data/test/spec_utils.rb +0 -742
data/test/spec_version.rb +0 -11
data/test/spec_webrick.rb +0 -206
data/test/static/another/index.html +0 -1
data/test/static/foo.html +0 -1
data/test/static/index.html +0 -1
data/test/testrequest.rb +0 -78
data/test/unregistered_handler/rack/handler/unregistered.rb +0 -7
data/test/unregistered_handler/rack/handler/unregistered_long_one.rb +0 -7

data/lib/rack/request.rb CHANGED Viewed

@@ -1,5 +1,4 @@
-require 'rack/utils'
-require 'rack/media_type'
+# frozen_string_literal: true
 module Rack
   # Rack::Request provides a convenient interface to a Rack
@@ -11,7 +10,18 @@ module Rack
   #   req.params["data"]
   class Request
-    SCHEME_WHITELIST = %w(https http).freeze
+    (require_relative 'core_ext/regexp'; using ::Rack::RegexpExtensions) if RUBY_VERSION < '2.4'
+    class << self
+      attr_accessor :ip_filter
+    end
+    self.ip_filter = lambda { |ip| /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i.match?(ip) }
+    ALLOWED_SCHEMES = %w(https http).freeze
+    SCHEME_WHITELIST = ALLOWED_SCHEMES
+    if Object.respond_to?(:deprecate_constant)
+      deprecate_constant :SCHEME_WHITELIST
+    end
     def initialize(env)
       @params = nil
@@ -78,7 +88,7 @@ module Rack
       #   assert_equal 'image/png,*/*', request.get_header('Accept')
       #
       # http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
-      def add_header key, v
+      def add_header(key, v)
         if v.nil?
           get_header key
         elsif has_header? key
@@ -100,7 +110,7 @@ module Rack
     module Helpers
       # The set of form-data media-types. Requests that do not indicate
-      # one of the media types presents in this list will not be eligible
+      # one of the media types present in this list will not be eligible
       # for form-data / param parsing.
       FORM_DATA_MEDIA_TYPES = [
         'application/x-www-form-urlencoded',
@@ -108,7 +118,7 @@ module Rack
       ]
       # The set of media-types. Requests that do not indicate
-      # one of the media types presents in this list will not be eligible
+      # one of the media types present in this list will not be eligible
       # for param parsing like soap attachments or generic multiparts
       PARSEABLE_DATA_MEDIA_TYPES = [
         'multipart/related',
@@ -119,11 +129,23 @@ module Rack
       # to include the port in a generated URI.
       DEFAULT_PORTS = { 'http' => 80, 'https' => 443, 'coffee' => 80 }
-      HTTP_X_FORWARDED_SCHEME = 'HTTP_X_FORWARDED_SCHEME'.freeze
-      HTTP_X_FORWARDED_PROTO  = 'HTTP_X_FORWARDED_PROTO'.freeze
-      HTTP_X_FORWARDED_HOST   = 'HTTP_X_FORWARDED_HOST'.freeze
-      HTTP_X_FORWARDED_PORT   = 'HTTP_X_FORWARDED_PORT'.freeze
-      HTTP_X_FORWARDED_SSL    = 'HTTP_X_FORWARDED_SSL'.freeze
+      # The address of the client which connected to the proxy.
+      HTTP_X_FORWARDED_FOR = 'HTTP_X_FORWARDED_FOR'
+      # The contents of the host/:authority header sent to the proxy.
+      HTTP_X_FORWARDED_HOST = 'HTTP_X_FORWARDED_HOST'
+      # The value of the scheme sent to the proxy.
+      HTTP_X_FORWARDED_SCHEME = 'HTTP_X_FORWARDED_SCHEME'
+      # The protocol used to connect to the proxy.
+      HTTP_X_FORWARDED_PROTO = 'HTTP_X_FORWARDED_PROTO'
+      # The port used to connect to the proxy.
+      HTTP_X_FORWARDED_PORT = 'HTTP_X_FORWARDED_PORT'
+      # Another way for specifing https scheme was used.
+      HTTP_X_FORWARDED_SSL = 'HTTP_X_FORWARDED_SSL'
       def body;            get_header(RACK_INPUT)                         end
       def script_name;     get_header(SCRIPT_NAME).to_s                   end
@@ -159,10 +181,10 @@ module Rack
       def delete?;  request_method == DELETE  end
       # Checks the HTTP request method (or verb) to see if it was of type GET
-      def get?;     request_method == GET       end
+      def get?;     request_method == GET     end
       # Checks the HTTP request method (or verb) to see if it was of type HEAD
-      def head?;    request_method == HEAD      end
+      def head?;    request_method == HEAD    end
       # Checks the HTTP request method (or verb) to see if it was of type OPTIONS
       def options?; request_method == OPTIONS end
@@ -197,19 +219,52 @@ module Rack
         end
       end
+      # The authority of the incoming request as defined by RFC3976.
+      # https://tools.ietf.org/html/rfc3986#section-3.2
+      #
+      # In HTTP/1, this is the `host` header.
+      # In HTTP/2, this is the `:authority` pseudo-header.
       def authority
-        get_header(SERVER_NAME) + ':' + get_header(SERVER_PORT)
+        forwarded_authority || host_authority || server_authority
+      end
+      # The authority as defined by the `SERVER_NAME` and `SERVER_PORT`
+      # variables.
+      def server_authority
+        host = self.server_name
+        port = self.server_port
+        if host
+          if port
+            "#{host}:#{port}"
+          else
+            host
+          end
+        end
+      end
+      def server_name
+        get_header(SERVER_NAME)
+      end
+      def server_port
+        if port = get_header(SERVER_PORT)
+          Integer(port)
+        end
       end
       def cookies
-        hash = fetch_header(RACK_REQUEST_COOKIE_HASH) do |k|
-          set_header(k, {})
+        hash = fetch_header(RACK_REQUEST_COOKIE_HASH) do |key|
+          set_header(key, {})
+        end
+        string = get_header(HTTP_COOKIE)
+        unless string == get_header(RACK_REQUEST_COOKIE_STRING)
+          hash.replace Utils.parse_cookies_header(string)
+          set_header(RACK_REQUEST_COOKIE_STRING, string)
         end
-        string = get_header HTTP_COOKIE
-        return hash if string == get_header(RACK_REQUEST_COOKIE_STRING)
-        hash.replace Utils.parse_cookies_header get_header HTTP_COOKIE
-        set_header(RACK_REQUEST_COOKIE_STRING, string)
         hash
       end
@@ -222,46 +277,101 @@ module Rack
         get_header("HTTP_X_REQUESTED_WITH") == "XMLHttpRequest"
       end
-      def host_with_port
-        if forwarded = get_header(HTTP_X_FORWARDED_HOST)
-          forwarded.split(/,\s?/).last
+      # The `HTTP_HOST` header.
+      def host_authority
+        get_header(HTTP_HOST)
+      end
+      def host_with_port(authority = self.authority)
+        host, _, port = split_authority(authority)
+        if port == DEFAULT_PORTS[self.scheme]
+          host
         else
-          get_header(HTTP_HOST) || "#{get_header(SERVER_NAME) || get_header(SERVER_ADDR)}:#{get_header(SERVER_PORT)}"
+          authority
         end
       end
+      # Returns a formatted host, suitable for being used in a URI.
       def host
-        # Remove port number.
-        host_with_port.to_s.sub(/:\d+\z/, '')
+        split_authority(self.authority)[0]
+      end
+      # Returns an address suitable for being to resolve to an address.
+      # In the case of a domain name or IPv4 address, the result is the same
+      # as +host+. In the case of IPv6 or future address formats, the square
+      # brackets are removed.
+      def hostname
+        split_authority(self.authority)[1]
       end
       def port
-        if port = host_with_port.split(/:/)[1]
-          port.to_i
-        elsif port = get_header(HTTP_X_FORWARDED_PORT)
-          port.to_i
-        elsif has_header?(HTTP_X_FORWARDED_HOST)
-          DEFAULT_PORTS[scheme]
-        elsif has_header?(HTTP_X_FORWARDED_PROTO)
-          DEFAULT_PORTS[get_header(HTTP_X_FORWARDED_PROTO).split(',')[0]]
-        else
-          get_header(SERVER_PORT).to_i
+        if authority = self.authority
+          _, _, port = split_authority(self.authority)
+          if port
+            return port
+          end
+        end
+        if forwarded_port = self.forwarded_port
+          return forwarded_port.first
+        end
+        if scheme = self.scheme
+          if port = DEFAULT_PORTS[self.scheme]
+            return port
+          end
+        end
+        self.server_port
+      end
+      def forwarded_for
+        if value = get_header(HTTP_X_FORWARDED_FOR)
+          split_header(value).map do |authority|
+            split_authority(wrap_ipv6(authority))[1]
+          end
+        end
+      end
+      def forwarded_port
+        if value = get_header(HTTP_X_FORWARDED_PORT)
+          split_header(value).map(&:to_i)
+        end
+      end
+      def forwarded_authority
+        if value = get_header(HTTP_X_FORWARDED_HOST)
+          wrap_ipv6(split_header(value).first)
         end
       end
       def ssl?
-        scheme == 'https'
+        scheme == 'https' || scheme == 'wss'
       end
       def ip
-        remote_addrs = split_ip_addresses(get_header('REMOTE_ADDR'))
-        remote_addrs = reject_trusted_ip_addresses(remote_addrs)
+        remote_addresses = split_header(get_header('REMOTE_ADDR'))
+        external_addresses = reject_trusted_ip_addresses(remote_addresses)
-        return remote_addrs.first if remote_addrs.any?
+        unless external_addresses.empty?
+          return external_addresses.first
+        end
-        forwarded_ips = split_ip_addresses(get_header('HTTP_X_FORWARDED_FOR'))
+        if forwarded_for = self.forwarded_for
+          unless forwarded_for.empty?
+            # The forwarded for addresses are ordered: client, proxy1, proxy2.
+            # So we reject all the trusted addresses (proxy*) and return the
+            # last client. Or if we trust everyone, we just return the first
+            # address.
+            return reject_trusted_ip_addresses(forwarded_for).last || forwarded_for.first
+          end
+        end
-        return reject_trusted_ip_addresses(forwarded_ips).last || forwarded_ips.first || get_header("REMOTE_ADDR")
+        # If all the addresses are trusted, and we aren't forwarded, just return
+        # the first remote address, which represents the source of the request.
+        remote_addresses.first
       end
       # The media type (type/subtype) portion of the CONTENT_TYPE header
@@ -302,6 +412,7 @@ module Rack
       def form_data?
         type = media_type
         meth = get_header(RACK_METHODOVERRIDE_ORIGINAL_METHOD) || get_header(REQUEST_METHOD)
         (meth == POST && type.nil?) || FORM_DATA_MEDIA_TYPES.include?(type)
       end
@@ -337,7 +448,7 @@ module Rack
             # Fix for Safari Ajax postings that always append \0
             # form_vars.sub!(/\0\z/, '') # performance replacement:
-            form_vars.slice!(-1) if form_vars[-1] == ?\0
+            form_vars.slice!(-1) if form_vars.end_with?("\0")
             set_header RACK_REQUEST_FORM_VARS, form_vars
             set_header RACK_REQUEST_FORM_HASH, parse_query(form_vars, '&')
@@ -356,8 +467,6 @@ module Rack
       # Note that modifications will not be persisted in the env. Use update_param or delete_param if you want to destructively modify params.
       def params
         self.GET.merge(self.POST)
-      rescue EOFError
-        self.GET.dup
       end
       # Destructively update a parameter, whether it's in GET and/or POST. Returns nil.
@@ -386,13 +495,12 @@ module Rack
       #
       # <tt>env['rack.input']</tt> is not touched.
       def delete_param(k)
-        [ self.POST.delete(k), self.GET.delete(k) ].compact.first
+        post_value, get_value = self.POST.delete(k), self.GET.delete(k)
+        post_value || get_value
       end
       def base_url
-        url = "#{scheme}://#{host}"
-        url << ":#{port}" if port != DEFAULT_PORTS[scheme]
-        url
+        "#{scheme}://#{host_with_port}"
       end
       # Tries to return a remake of the original request URL as a string.
@@ -417,7 +525,7 @@ module Rack
       end
       def trusted_proxy?(ip)
-        ip =~ /\A127\.0\.0\.1\Z|\A(10|172\.(1[6-9]|2[0-9]|30|31)|192\.168)\.|\A::1\Z|\Afd[0-9a-f]{2}:.+|\Alocalhost\Z|\Aunix\Z|\Aunix:/i
+        Rack::Request.ip_filter.call(ip)
       end
       # shortcut for <tt>request.params[key]</tt>
@@ -449,9 +557,23 @@ module Rack
       def default_session; {}; end
+      # Assist with compatibility when processing `X-Forwarded-For`.
+      def wrap_ipv6(host)
+        # Even thought IPv6 addresses should be wrapped in square brackets,
+        # sometimes this is not done in various legacy/underspecified headers.
+        # So we try to fix this situation for compatibility reasons.
+        # Try to detect IPv6 addresses which aren't escaped yet:
+        if !host.start_with?('[') && host.count(':') > 1
+          "[#{host}]"
+        else
+          host
+        end
+      end
       def parse_http_accept_header(header)
-        header.to_s.split(/\s*,\s*/).map do |part|
-          attribute, parameters = part.split(/\s*;\s*/, 2)
+        header.to_s.split(",").each(&:strip!).map do |part|
+          attribute, parameters = part.split(";", 2).each(&:strip!)
           quality = 1.0
           if parameters and /\Aq=([\d.]+)/ =~ parameters
             quality = $1.to_f
@@ -464,7 +586,7 @@ module Rack
         Utils.default_query_parser
       end
-      def parse_query(qs, d='&')
+      def parse_query(qs, d = '&')
         query_parser.parse_nested_query(qs, d)
       end
@@ -472,8 +594,39 @@ module Rack
         Rack::Multipart.extract_multipart(self, query_parser)
       end
-      def split_ip_addresses(ip_addresses)
-        ip_addresses ? ip_addresses.strip.split(/[,\s]+/) : []
+      def split_header(value)
+        value ? value.strip.split(/[,\s]+/) : []
+      end
+      AUTHORITY = /^
+        # The host:
+        (?<host>
+          # An IPv6 address:
+          (\[(?<ip6>.*)\])
+          |
+          # An IPv4 address:
+          (?<ip4>[\d\.]+)
+          |
+          # A hostname:
+          (?<name>[a-zA-Z0-9\.\-]+)
+        )
+        # The optional port:
+        (:(?<port>\d+))?
+      $/x
+      private_constant :AUTHORITY
+      def split_authority(authority)
+        if match = AUTHORITY.match(authority)
+          if address = match[:ip6]
+            return match[:host], address, match[:port]&.to_i
+          else
+            return match[:host], match[:host], match[:port]&.to_i
+          end
+        end
+        # Give up!
+        return authority, authority, nil
       end
       def reject_trusted_ip_addresses(ip_addresses)
@@ -481,16 +634,22 @@ module Rack
       end
       def forwarded_scheme
-        scheme_headers = [
-          get_header(HTTP_X_FORWARDED_SCHEME),
-          get_header(HTTP_X_FORWARDED_PROTO).to_s.split(',')[0]
-        ]
+        allowed_scheme(get_header(HTTP_X_FORWARDED_SCHEME)) ||
+        allowed_scheme(extract_proto_header(get_header(HTTP_X_FORWARDED_PROTO)))
+      end
-        scheme_headers.each do |header|
-          return header if SCHEME_WHITELIST.include?(header)
-        end
+      def allowed_scheme(header)
+        header if ALLOWED_SCHEMES.include?(header)
+      end
-        nil
+      def extract_proto_header(header)
+        if header
+          if (comma_index = header.index(','))
+            header[0, comma_index]
+          else
+            header
+          end
+        end
       end
     end