Skip to content

Commit 1e90d02

Browse files
rstoyanchevrstoyanchev
committed
Fix issue with parsing x-forwarded-host header
Issue: SPR-10701
1 parent 676f7f9 commit 1e90d02

File tree

2 files changed

+30
-5
lines changed

2 files changed

+30
-5
lines changed

spring-webmvc/src/main/java/org/springframework/web/servlet/support/ServletUriComponentsBuilder.java

+14-3
Original file line numberDiff line numberDiff line change
@@ -94,9 +94,20 @@ public static ServletUriComponentsBuilder fromRequestUri(HttpServletRequest requ
9494
public static ServletUriComponentsBuilder fromRequest(HttpServletRequest request) {
9595
String scheme = request.getScheme();
9696
int port = request.getServerPort();
97-
98-
String header = request.getHeader("X-Forwarded-Host");
99-
String host = StringUtils.hasText(header) ? header: request.getServerName();
97+
String host = request.getServerName();
98+
99+
String xForwardedHostHeader = request.getHeader("X-Forwarded-Host");
100+
101+
if (StringUtils.hasText(xForwardedHostHeader)) {
102+
if (StringUtils.countOccurrencesOf(xForwardedHostHeader, ":") == 1) {
103+
String[] hostAndPort = StringUtils.split(xForwardedHostHeader, ":");
104+
host = hostAndPort[0];
105+
port = Integer.parseInt(hostAndPort[1]);
106+
}
107+
else {
108+
host = xForwardedHostHeader;
109+
}
110+
}
100111

101112
ServletUriComponentsBuilder builder = new ServletUriComponentsBuilder();
102113
builder.scheme(scheme);

spring-webmvc/src/test/java/org/springframework/web/servlet/support/ServletUriComponentsBuilderTests.java

+16-2
Original file line numberDiff line numberDiff line change
@@ -16,13 +16,14 @@
1616

1717
package org.springframework.web.servlet.support;
1818

19-
import static org.junit.Assert.assertEquals;
20-
2119
import org.junit.Before;
2220
import org.junit.Test;
2321
import org.springframework.mock.web.test.MockHttpServletRequest;
2422
import org.springframework.web.context.request.RequestContextHolder;
2523
import org.springframework.web.context.request.ServletRequestAttributes;
24+
import org.springframework.web.util.UriComponents;
25+
26+
import static org.junit.Assert.*;
2627

2728
/**
2829
* @author Rossen Stoyanchev
@@ -93,6 +94,19 @@ public void fromRequestWithForwardedHostHeader() {
9394
assertEquals("http://anotherHost/mvc-showcase/data/param?foo=123", result);
9495
}
9596

97+
// SPR-10701
98+
99+
@Test
100+
public void fromRequestWithForwardedHostAndPortHeader() {
101+
request.addHeader("X-Forwarded-Host", "webtest.foo.bar.com:443");
102+
request.setRequestURI("/mvc-showcase/data/param");
103+
request.setQueryString("foo=123");
104+
UriComponents result = ServletUriComponentsBuilder.fromRequest(request).build();
105+
106+
assertEquals("webtest.foo.bar.com", result.getHost());
107+
assertEquals(443, result.getPort());
108+
}
109+
96110
@Test
97111
public void fromContextPath() {
98112
request.setRequestURI("/mvc-showcase/data/param");

0 commit comments

Comments
 (0)