fix: reverse proxy compatibility (header case + port 0 in mds.js)#624
Open
astowny wants to merge 2 commits intominima-global:masterfrom
Open
fix: reverse proxy compatibility (header case + port 0 in mds.js)#624astowny wants to merge 2 commits intominima-global:masterfrom
astowny wants to merge 2 commits intominima-global:masterfrom
Conversation
added 2 commits
March 23, 2026 11:53
When Minima runs behind a reverse proxy (Traefik, nginx, HAProxy),
the proxy may forward HTTP headers in lowercase (e.g. 'content-length'
instead of 'Content-Length'). This is standard behavior per:
- RFC 7230 Section 3.2: HTTP/1.1 headers are case-insensitive
- RFC 7540 Section 8.1.2: HTTP/2 mandates lowercase headers
The MDSFileHandler stores headers with their original case but looks
them up with exact case ('Content-Length'), causing a
NumberFormatException when the header is lowercase. This crashes the
request handler and returns the invalid.html error page, which the
MiniDapp JS interprets as 'Connection failed: Your session is invalid'.
The fix normalizes header names to canonical HTTP form (e.g.
'content-length' -> 'Content-Length') when parsing, ensuring
consistent lookups regardless of the proxy's header casing.
When accessing Minima through a reverse proxy on standard ports (443/80),
window.location.port returns an empty string. Math.floor('') evaluates
to 0, causing URLs like 'https://host:0/mdscommand_/...' which browsers
block with ERR_UNSAFE_PORT.
The main mds.js already had this fix, but 41 copies in individual
MiniDapps (mds/code/*) still had the old code. This commit adds
the port==0 check to all of them, omitting the port from URLs when
running on standard ports.
astowny
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When Minima's MDS (MiniDapp System) runs behind a reverse proxy like Traefik, nginx, or HAProxy, two bugs prevent MiniDapps from working:
Bug 1: Case-sensitive HTTP header parsing (
MDSFileHandler.java)All POST requests fail with "Connection failed: Your session is invalid".
MDSFileHandler.javastores HTTP headers with their original case but looks them up with exact case"Content-Length". Per RFC 7230 §3.2, HTTP/1.1 headers are case-insensitive, and per RFC 7540 §8.1.2, HTTP/2 mandates lowercase. When a reverse proxy forwardscontent-length(lowercase):allheaders.get("Content-Length")→nullInteger.parseInt(null)→NumberFormatExceptioncatch(Exception)→ returnsinvalid.htmlJSON.parse(html)→ "Connection failed"Bug 2:
ERR_UNSAFE_PORTin MiniDappmds.jscopiesWhen accessing via standard HTTPS (port 443),
window.location.portreturns"".Math.floor("")evaluates to0, producing URLs likehttps://host:0/mdscommand_/.... Browsers block port 0 →ERR_UNSAFE_PORT→ black screen.The main
mds/mds.jsalready has the fix (if(port == 0)check), but 41 copies inmds/code/*/mds.jsstill had the old code.Fixes
Commit 1:
MDSFileHandler.javaAdded
normalizeHeaderName()that converts HTTP header names to canonical form (content-length→Content-Length) when parsing. Follows standard HTTP convention: capitalize first letter and every letter after a hyphen.Commit 2:
mds/code/*/mds.js(41 files)Added
if(port == 0)check to omit the port from URLs when running on standard ports (443/80), matching the fix already present in the mainmds/mds.js.Testing
curlwith lowercase headers — ✅ handled correctlyFiles Changed
src/org/minima/system/mds/MDSFileHandler.java— Header name normalizationmds/code/*/mds.js(41 files) — Port 0 handling