rack 3.1.16 → 3.2.3

data/lib/rack/media_type.rb

@@ -14,12 +14,11 @@ module Rack
       # For more information on the use of media types in HTTP, see:
       # http://www.w3.org/Protocols/rfc2616/rfc2616-sec3.html#sec3.7
       def type(content_type)
-        return nil unless content_type
-        if type = content_type.split(SPLIT_PATTERN, 2).first
-          type.rstrip!
-          type.downcase!
-          type
-        end
+        return nil unless content_type && !content_type.empty?
+        type = content_type.split(SPLIT_PATTERN, 2).first
+        type.rstrip!
+        type.downcase!
+        type
       end
 
       # The media type parameters provided in CONTENT_TYPE as a Hash, or
@@ -33,7 +32,7 @@ module Rack
       # and "text/plain;charset" will return { 'charset' => '' }, similarly to 
       # the query params parser (barring the latter case, which returns nil instead)).
       def params(content_type)
-        return {} if content_type.nil?
+        return {} if content_type.nil? || content_type.empty?
 
         content_type.split(SPLIT_PATTERN)[1..-1].each_with_object({}) do |s, hsh|
           s.strip!

data/lib/rack/mock_response.rb

@@ -10,33 +10,27 @@ module Rack
   # MockRequest.
 
   class MockResponse < Rack::Response
-    begin
-      # Recent versions of the CGI gem may not provide `CGI::Cookie`.
-      require 'cgi/cookie'
-      Cookie = CGI::Cookie
-    rescue LoadError
-      class Cookie
-        attr_reader :name, :value, :path, :domain, :expires, :secure
-
-        def initialize(args)
-          @name = args["name"]
-          @value = args["value"]
-          @path = args["path"]
-          @domain = args["domain"]
-          @expires = args["expires"]
-          @secure = args["secure"]
-        end
+    class Cookie
+      attr_reader :name, :value, :path, :domain, :expires, :secure
+
+      def initialize(args)
+        @name = args["name"]
+        @value = args["value"]
+        @path = args["path"]
+        @domain = args["domain"]
+        @expires = args["expires"]
+        @secure = args["secure"]
+      end
 
-        def method_missing(method_name, *args, &block)
-          @value.send(method_name, *args, &block)
-        end
-        # :nocov:
-        ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
-        # :nocov:
+      def method_missing(method_name, *args, &block)
+        @value.send(method_name, *args, &block)
+      end
+      # :nocov:
+      ruby2_keywords(:method_missing) if respond_to?(:ruby2_keywords, true)
+      # :nocov:
 
-        def respond_to_missing?(method_name, include_all = false)
-          @value.respond_to?(method_name, include_all) || super
-        end
+      def respond_to_missing?(method_name, include_all = false)
+        @value.respond_to?(method_name, include_all) || super
       end
     end
 

data/lib/rack/multipart/parser.rb

@@ -38,6 +38,18 @@ module Rack
     MULTIPART_CONTENT_DISPOSITION = /^Content-Disposition:#{FWS}?(#{HEADER_VALUE})/ni
     MULTIPART_CONTENT_ID = /^Content-ID:#{FWS}?(#{HEADER_VALUE})/ni
 
+    # Rack::Multipart::Parser handles parsing of multipart/form-data requests.
+    #
+    # File Parameter Contents
+    #
+    # When processing file uploads, the parser returns a hash containing
+    # information about uploaded files. For +file+ parameters, the hash includes:
+    #
+    # * +:filename+ - The original filename, already URL decoded by the parser
+    # * +:type+ - The content type of the uploaded file  
+    # * +:name+ - The parameter name from the form
+    # * +:tempfile+ - A Tempfile object containing the uploaded data
+    # * +:head+ - The raw header content for this part
     class Parser
       BUFSIZE = 1_048_576
       TEXT_PLAIN = "text/plain"
@@ -47,6 +59,27 @@ module Rack
         Tempfile.new(["RackMultipart", extension])
       }
 
+      BOUNDARY_START_LIMIT = 16 * 1024
+      private_constant :BOUNDARY_START_LIMIT
+
+      MIME_HEADER_BYTESIZE_LIMIT = 64 * 1024
+      private_constant :MIME_HEADER_BYTESIZE_LIMIT
+
+      env_int = lambda do |key, val|
+        if str_val = ENV[key]
+          begin
+            val = Integer(str_val, 10)
+          rescue ArgumentError
+            raise ArgumentError, "non-integer value provided for environment variable #{key}"
+          end
+        end
+
+        val
+      end
+
+      BUFFERED_UPLOAD_BYTESIZE_LIMIT = env_int.call("RACK_MULTIPART_BUFFERED_UPLOAD_BYTESIZE_LIMIT", 16 * 1024 * 1024)
+      private_constant :BUFFERED_UPLOAD_BYTESIZE_LIMIT
+
       class BoundedIO # :nodoc:
         def initialize(io, content_length)
           @io             = io
@@ -206,6 +239,8 @@ module Rack
 
         @state = :FAST_FORWARD
         @mime_index = 0
+        @body_retained = nil
+        @retained_size = 0
         @collector = Collector.new tempfile
 
         @sbuf = StringScanner.new("".dup)
@@ -243,7 +278,8 @@ module Rack
         @collector.each do |part|
           part.get_data do |data|
             tag_multipart_encoding(part.filename, part.content_type, part.name, data)
-            @query_parser.normalize_params(@params, part.name, data)
+            name, data = handle_dummy_encoding(part.name, data)
+            @query_parser.normalize_params(@params, name, data)
           end
         end
         MultipartInfo.new @params.to_params_hash, @collector.find_all(&:file?).map(&:body)
@@ -251,12 +287,6 @@ module Rack
 
       private
 
-      def dequote(str) # From WEBrick::HTTPUtils
-        ret = (/\A"(.*)"\Z/ =~ str) ? $1 : str.dup
-        ret.gsub!(/\\(.)/, "\\1")
-        ret
-      end
-
       def read_data(io, outbuf)
         content = io.read(@bufsize, outbuf)
         handle_empty_content!(content)
@@ -287,6 +317,10 @@ module Rack
 
             # retry for opening boundary
           else
+            # We raise if we don't find the multipart boundary, to avoid unbounded memory
+            # buffering. Note that the actual limit is the higher of 16KB and the buffer size (1MB by default)
+            raise Error, "multipart boundary not found within limit" if @sbuf.string.bytesize > BOUNDARY_START_LIMIT
+
             # no boundary found, keep reading data
             return :want_read
           end
@@ -403,16 +437,30 @@ module Rack
             name = filename || "#{content_type || TEXT_PLAIN}[]".dup
           end
 
+          # Mime part head data is retained for both TempfilePart and BufferPart
+          # for the entireity of the parse, even though it isn't used for BufferPart.
+          update_retained_size(head.bytesize)
+
+          # If a filename is given, a TempfilePart will be used, so the body will
+          # not be buffered in memory. However, if a filename is not given, a BufferPart
+          # will be used, and the body will be buffered in memory.
+          @body_retained = !filename
+
           @collector.on_mime_head @mime_index, head, filename, content_type, name
           @state = :MIME_BODY
         else
-          :want_read
+          # We raise if the mime part header is too large, to avoid unbounded memory
+          # buffering. Note that the actual limit is the higher of 64KB and the buffer size (1MB by default)
+          raise Error, "multipart mime part header too large" if @sbuf.string.bytesize > MIME_HEADER_BYTESIZE_LIMIT
+
+          return :want_read
         end
       end
 
       def handle_mime_body
         if (body_with_boundary = @sbuf.check_until(@body_regex)) # check but do not advance the pointer yet
           body = body_with_boundary.sub(@body_regex_at_end, '') # remove the boundary from the string
+          update_retained_size(body.bytesize) if @body_retained
           @collector.on_mime_body @mime_index, body
           @sbuf.pos += body.length + 2 # skip \r\n after the content
           @state = :CONSUME_TOKEN
@@ -421,7 +469,9 @@ module Rack
           # Save what we have so far
           if @rx_max_size < @sbuf.rest_size
             delta = @sbuf.rest_size - @rx_max_size
-            @collector.on_mime_body @mime_index, @sbuf.peek(delta)
+            body = @sbuf.peek(delta)
+            update_retained_size(body.bytesize) if @body_retained
+            @collector.on_mime_body @mime_index, body
             @sbuf.pos += delta
             @sbuf.string = @sbuf.rest
           end
@@ -429,6 +479,13 @@ module Rack
         end
       end
 
+      def update_retained_size(size)
+        @retained_size += size
+        if @retained_size > BUFFERED_UPLOAD_BYTESIZE_LIMIT
+          raise Error, "multipart data over retained size limit"
+        end
+      end
+
       # Scan until the we find the start or end of the boundary.
       # If we find it, return the appropriate symbol for the start or
       # end of the boundary.  If we don't find the start or end of the
@@ -494,6 +551,25 @@ module Rack
         Encoding::BINARY
       end
 
+      REENCODE_DUMMY_ENCODINGS = {
+        # ISO-2022-JP is a legacy but still widely used encoding in Japan
+        # Here we convert ISO-2022-JP to UTF-8 so that it can be handled.
+        Encoding::ISO_2022_JP => true
+
+        # Other dummy encodings are rarely used and have not been supported yet.
+        # Adding support for them will require careful considerations.
+      }
+
+      def handle_dummy_encoding(name, body)
+        # A string object with a 'dummy' encoding does not have full functionality and can cause errors.
+        # So here we covert it to UTF-8 so that it can be handled properly.
+        if name.encoding.dummy? && REENCODE_DUMMY_ENCODINGS[name.encoding]
+          name = name.encode(Encoding::UTF_8)
+          body = body.encode(Encoding::UTF_8)
+        end
+        return name, body
+      end
+
       def handle_empty_content!(content)
         if content.nil? || content.empty?
           raise EmptyContentError

data/lib/rack/multipart/uploaded_file.rb

@@ -5,14 +5,47 @@ require 'fileutils'
 
 module Rack
   module Multipart
+    # Despite the misleading name, UploadedFile is designed for use for
+    # preparing multipart file upload bodies, generally for use in tests.
+    # It is not designed for and should not be used for handling uploaded
+    # files (there is no need for that, since Rack's multipart parser
+    # already creates Tempfiles for that). Using this with non-trusted
+    # filenames can create a security vulnerability.
+    #
+    # You should only use this class if you plan on passing the instances
+    # to Rack::MockRequest for use in creating multipart request bodies.
+    #
+    # UploadedFile delegates most methods to the tempfile it contains.
     class UploadedFile
-
-      # The filename, *not* including the path, of the "uploaded" file
+      # The provided name of the file. This generally is the basename of
+      # path provided during initialization, but it can contain slashes if they
+      # were present in the filename argument when the instance was created.
       attr_reader :original_filename
 
-      # The content type of the "uploaded" file
+      # The content type of the instance.
       attr_accessor :content_type
 
+      # Create a new UploadedFile.  For backwards compatibility, this accepts
+      # both positional and keyword versions of the same arguments:
+      #
+      # filepath/path :: The path to the file
+      # ct/content_type :: The content_type of the file
+      # bin/binary :: Whether to set binmode on the file before copying data into it.
+      #
+      # If both positional and keyword arguments are present, the keyword arguments
+      # take precedence.
+      #
+      # The following keyword-only arguments are also accepted:
+      #
+      # filename :: Override the filename to use for the file.  This is so the
+      #             filename for the upload does not need to match the basename of
+      #             the file path.  This should not contain slashes, unless you are
+      #             trying to test how an application handles invalid filenames in
+      #             multipart upload bodies.
+      # io :: Use the given IO-like instance as the tempfile, instead of creating
+      #       a Tempfile instance.  This is useful for building multipart file
+      #       upload bodies without a file being present on the filesystem. If you are
+      #       providing this, you should also provide the filename argument.
       def initialize(filepath = nil, ct = "text/plain", bin = false,
                      path: filepath, content_type: ct, binary: bin, filename: nil, io: nil)
         if io
@@ -28,15 +61,19 @@ module Rack
         @content_type = content_type
       end
 
+      # The path of the tempfile for the instance, if the tempfile has a path.
+      # nil if the tempfile does not have a path.
       def path
         @tempfile.path if @tempfile.respond_to?(:path)
       end
       alias_method :local_path, :path
 
-      def respond_to?(*args)
-        super or @tempfile.respond_to?(*args)
+      # Return true if the tempfile responds to the method.
+      def respond_to_missing?(*args)
+        @tempfile.respond_to?(*args)
       end
 
+      # Delegate method missing calls to the tempfile.
       def method_missing(method_name, *args, &block) #:nodoc:
         @tempfile.__send__(method_name, *args, &block)
       end

data/lib/rack/query_parser.rb

@@ -57,6 +57,8 @@ module Rack
     PARAMS_LIMIT = env_int.call("RACK_QUERY_PARSER_PARAMS_LIMIT", 4096)
     private_constant :PARAMS_LIMIT
 
+    attr_reader :bytesize_limit
+
     def initialize(params_class, param_depth_limit, bytesize_limit: BYTESIZE_LIMIT, params_limit: PARAMS_LIMIT)
       @params_class = params_class
       @param_depth_limit = param_depth_limit
@@ -69,14 +71,9 @@ module Rack
     # to parse cookies by changing the characters used in the second parameter
     # (which defaults to '&').
     def parse_query(qs, separator = nil, &unescaper)
-      unescaper ||= method(:unescape)
-
       params = make_params
 
-      check_query_string(qs, separator).split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
-        next if p.empty?
-        k, v = p.split('=', 2).map!(&unescaper)
-
+      each_query_pair(qs, separator, unescaper) do |k, v|
         if cur = params[k]
           if cur.class == Array
             params[k] << v
@@ -91,6 +88,19 @@ module Rack
       return params.to_h
     end
 
+    # Parses a query string by breaking it up at the '&', returning all key-value
+    # pairs as an array of [key, value] arrays. Unlike parse_query, this preserves
+    # all duplicate keys rather than collapsing them.
+    def parse_query_pairs(qs, separator = nil)
+      pairs = []
+
+      each_query_pair(qs, separator) do |k, v|
+        pairs << [k, v]
+      end
+
+      pairs
+    end
+
     # parse_nested_query expands a query string into structural types. Supported
     # types are Arrays, Hashes and basic value types. It is possible to supply
     # query strings with parameters of conflicting types, in this case a
@@ -99,17 +109,11 @@ module Rack
     def parse_nested_query(qs, separator = nil)
       params = make_params
 
-      unless qs.nil? || qs.empty?
-        check_query_string(qs, separator).split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP).each do |p|
-          k, v = p.split('=', 2).map! { |s| unescape(s) }
-
-          _normalize_params(params, k, v, 0)
-        end
+      each_query_pair(qs, separator) do |k, v|
+        _normalize_params(params, k, v, 0)
       end
 
       return params.to_h
-    rescue ArgumentError => e
-      raise InvalidParameterError, e.message, e.backtrace
     end
 
     # normalize_params recursively expands parameters into structural types. If
@@ -215,20 +219,35 @@ module Rack
       true
     end
 
-    def check_query_string(qs, sep)
-      if qs
-        if qs.bytesize > @bytesize_limit
-          raise QueryLimitError, "total query size (#{qs.bytesize}) exceeds limit (#{@bytesize_limit})"
-        end
+    def each_query_pair(qs, separator, unescaper = nil)
+      return if !qs || qs.empty?
 
-        if (param_count = qs.count(sep.is_a?(String) ? sep : '&')) >= @params_limit
-          raise QueryLimitError, "total number of query parameters (#{param_count+1}) exceeds limit (#{@params_limit})"
-        end
+      if qs.bytesize > @bytesize_limit
+        raise QueryLimitError, "total query size exceeds limit (#{@bytesize_limit})"
+      end
+
+      pairs = qs.split(separator ? (COMMON_SEP[separator] || /[#{separator}] */n) : DEFAULT_SEP, @params_limit + 1)
+
+      if pairs.size > @params_limit
+        param_count = pairs.size + pairs.last.count(separator || "&")
+        raise QueryLimitError, "total number of query parameters (#{param_count}) exceeds limit (#{@params_limit})"
+      end
 
-        qs
+      if unescaper
+        pairs.each do |p|
+          next if p.empty?
+          k, v = p.split('=', 2).map!(&unescaper)
+          yield k, v
+        end
       else
-        ''
+        pairs.each do |p|
+          next if p.empty?
+          k, v = p.split('=', 2).map! { |s| unescape(s) }
+          yield k, v
+        end
       end
+    rescue ArgumentError => e
+      raise InvalidParameterError, e.message, e.backtrace
     end
 
     def unescape(string, encoding = Encoding::UTF_8)

data/lib/rack/request.rb

@@ -61,9 +61,14 @@ module Rack
 
     def initialize(env)
       @env = env
+      @ip = nil
       @params = nil
     end
 
+    def ip
+      @ip ||= super
+    end
+
     def params
       @params ||= super
     end
@@ -398,8 +403,8 @@ module Rack
               return forwarded.last
             end
           when :x_forwarded
-            if value = get_header(HTTP_X_FORWARDED_HOST)
-              return wrap_ipv6(split_header(value).last)
+            if (value = get_header(HTTP_X_FORWARDED_HOST)) && (x_forwarded_host = split_header(value).last)
+              return wrap_ipv6(x_forwarded_host)
             end
           end
         end
@@ -413,10 +418,9 @@ module Rack
 
       def ip
         remote_addresses = split_header(get_header('REMOTE_ADDR'))
-        external_addresses = reject_trusted_ip_addresses(remote_addresses)
 
-        unless external_addresses.empty?
-          return external_addresses.last
+        remote_addresses.reverse_each do |ip|
+          return ip unless trusted_proxy?(ip)
         end
 
         if (forwarded_for = self.forwarded_for) && !forwarded_for.empty?
@@ -424,7 +428,10 @@ module Rack
           # So we reject all the trusted addresses (proxy*) and return the
           # last client. Or if we trust everyone, we just return the first
           # address.
-          return reject_trusted_ip_addresses(forwarded_for).last || forwarded_for.first
+          forwarded_for.reverse_each do |ip|
+            return ip unless trusted_proxy?(ip)
+          end
+          return forwarded_for.first
         end
 
         # If all the addresses are trusted, and we aren't forwarded, just return
@@ -482,67 +489,45 @@ module Rack
 
       # Returns the data received in the query string.
       def GET
-        rr_query_string = get_header(RACK_REQUEST_QUERY_STRING)
-        query_string = self.query_string
-        if rr_query_string == query_string
-          get_header(RACK_REQUEST_QUERY_HASH)
-        else
-          if rr_query_string
-            warn "query string used for GET parsing different from current query string. Starting in Rack 3.2, Rack will used the cached GET value instead of parsing the current query string.", uplevel: 1
-          end
-          query_hash = parse_query(query_string, '&')
-          set_header(RACK_REQUEST_QUERY_STRING, query_string)
-          set_header(RACK_REQUEST_QUERY_HASH, query_hash)
-        end
+        get_header(RACK_REQUEST_QUERY_HASH) || set_header(RACK_REQUEST_QUERY_HASH, parse_query(query_string, '&'))
       end
 
-      # Returns the data received in the request body.
+      # Returns the form data pairs received in the request body.
       #
       # This method support both application/x-www-form-urlencoded and
       # multipart/form-data.
-      def POST
-        if error = get_header(RACK_REQUEST_FORM_ERROR)
+      def form_pairs
+        if pairs = get_header(RACK_REQUEST_FORM_PAIRS)
+          return pairs
+        elsif error = get_header(RACK_REQUEST_FORM_ERROR)
           raise error.class, error.message, cause: error.cause
         end
 
         begin
           rack_input = get_header(RACK_INPUT)
 
-          # If the form hash was already memoized:
-          if form_hash = get_header(RACK_REQUEST_FORM_HASH)
-            form_input = get_header(RACK_REQUEST_FORM_INPUT)
-            # And it was memoized from the same input:
-            if form_input.equal?(rack_input)
-              return form_hash
-            elsif form_input
-              warn "input stream used for POST parsing different from current input stream. Starting in Rack 3.2, Rack will used the cached POST value instead of parsing the current input stream.", uplevel: 1
-            end
-          end
-
           # Otherwise, figure out how to parse the input:
           if rack_input.nil?
-            set_header RACK_REQUEST_FORM_INPUT, nil
-            set_header(RACK_REQUEST_FORM_HASH, {})
+            set_header(RACK_REQUEST_FORM_PAIRS, [])
           elsif form_data? || parseable_data?
             if pairs = Rack::Multipart.parse_multipart(env, Rack::Multipart::ParamList)
               set_header RACK_REQUEST_FORM_PAIRS, pairs
-              set_header RACK_REQUEST_FORM_HASH, expand_param_pairs(pairs)
             else
-              form_vars = get_header(RACK_INPUT).read
+              # Add 2 bytes. One to check whether it is over the limit, and a second
+              # in case the slice! call below removes the last byte
+              # If read returns nil, use the empty string
+              form_vars = get_header(RACK_INPUT).read(query_parser.bytesize_limit + 2) || ''
 
               # Fix for Safari Ajax postings that always append \0
               # form_vars.sub!(/\0\z/, '') # performance replacement:
               form_vars.slice!(-1) if form_vars.end_with?("\0")
 
               set_header RACK_REQUEST_FORM_VARS, form_vars
-              set_header RACK_REQUEST_FORM_HASH, parse_query(form_vars, '&')
+              pairs = query_parser.parse_query_pairs(form_vars, '&')
+              set_header(RACK_REQUEST_FORM_PAIRS, pairs)
             end
-
-            set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT)
-            get_header RACK_REQUEST_FORM_HASH
           else
-            set_header RACK_REQUEST_FORM_INPUT, get_header(RACK_INPUT)
-            set_header(RACK_REQUEST_FORM_HASH, {})
+            set_header(RACK_REQUEST_FORM_PAIRS, [])
           end
         rescue => error
           set_header(RACK_REQUEST_FORM_ERROR, error)
@@ -550,6 +535,21 @@ module Rack
         end
       end
 
+      # Returns the data received in the request body.
+      #
+      # This method support both application/x-www-form-urlencoded and
+      # multipart/form-data.
+      def POST
+        if form_hash = get_header(RACK_REQUEST_FORM_HASH)
+          return form_hash
+        elsif error = get_header(RACK_REQUEST_FORM_ERROR)
+          raise error.class, error.message, cause: error.cause
+        end
+
+        pairs = form_pairs
+        set_header RACK_REQUEST_FORM_HASH, expand_param_pairs(pairs)
+      end
+
       # The union of GET and POST data.
       #
       # Note that modifications will not be persisted in the env. Use update_param or delete_param if you want to destructively modify params.
@@ -557,6 +557,10 @@ module Rack
         self.GET.merge(self.POST)
       end
 
+      # Allow overriding the query parser that the receiver will use.
+      # By default Rack::Utils.default_query_parser is used.
+      attr_writer :query_parser
+
       # Destructively update a parameter, whether it's in GET and/or POST. Returns nil.
       #
       # The parameter is updated wherever it was previous defined, so GET, POST, or both. If it wasn't previously defined, it's inserted into GET.
@@ -616,13 +620,6 @@ module Rack
         Rack::Request.ip_filter.call(ip)
       end
 
-      # like Hash#values_at
-      def values_at(*keys)
-        warn("Request#values_at is deprecated and will be removed in a future version of Rack. Please use request.params.values_at instead", uplevel: 1)
-        
-        keys.map { |key| params[key] }
-      end
-
       private
 
       def default_session; {}; end
@@ -670,7 +667,7 @@ module Rack
       end
 
       def query_parser
-        Utils.default_query_parser
+        @query_parser || Utils.default_query_parser
       end
 
       def parse_query(qs, d = '&')
@@ -678,6 +675,7 @@ module Rack
       end
 
       def parse_multipart
+        warn "Rack::Request#parse_multipart is deprecated and will be removed in a future version of Rack.", uplevel: 1
         Rack::Multipart.extract_multipart(self, query_parser)
       end
 
@@ -692,7 +690,7 @@ module Rack
       end
 
       def split_header(value)
-        value ? value.strip.split(/[,\s]+/) : []
+        value ? value.strip.split(/[, \t]+/) : []
       end
 
       # ipv6 extracted from resolv stdlib, simplified
@@ -740,10 +738,6 @@ module Rack
         return match[:host], match[:address], match[:port]&.to_i
       end
 
-      def reject_trusted_ip_addresses(ip_addresses)
-        ip_addresses.reject { |ip| trusted_proxy?(ip) }
-      end
-
       FORWARDED_SCHEME_HEADERS = {
         proto: HTTP_X_FORWARDED_PROTO,
         scheme: HTTP_X_FORWARDED_SCHEME

data/lib/rack/rewindable_input.rb

@@ -21,7 +21,10 @@ module Rack
       end
 
       def call(env)
-        env[RACK_INPUT] = RewindableInput.new(env[RACK_INPUT])
+        if (input = env[RACK_INPUT])
+          env[RACK_INPUT] = RewindableInput.new(input)
+        end
+
         @app.call(env)
       end
     end