X-Forwarded-Host handling in ServletUriComponentsBuilder does not treat ports correctly [SPR-10718] #15346
Comments
|
Rossen Stoyanchev commented This appears to be a duplicate of #15329. |
|
Philippe Bouteleux commented Hi, it seems the code that processes the X-Forward-Host header value does not take into account the fact that the forwarded port (after the ":") may be optional and that it should in that case force the value to the default one, that is -1 (which is really 80 for HTTP or 443 for HTTPS in the end). The HATEOAS version of the builder acts correctly in that case and can be found here : Look at the "else" in the method getBuilder(). Unfortunately, there is no overloading with a HttpServletRequest parameter that would suit my needs for mocking services URI dynamically. PS : this method also correctly treat SSL and X-Forward-Post which should also be retrofited I think. |
|
Rossen Stoyanchev commented The logic in ServletUriComponentsBuilder with regards to an optional forwarded port (see here for comparison). Or am I missing anything? We do have X-Forwarded-Port as well. |
spring-projects-issues
added
type: enhancement
Oliver Drotbohm opened SPR-10718 and commented
According to the spec, a
Hostvalue consists of a uri-host and an optional port. So when inspecting theX-Forwarded-Hostheader we have to split uri-host and port and set the values appropriately. Currently the port is still part of the host.This was originally reported against Spring HATEOAS in this ticket.
Affects: 3.2.3
Issue Links:
The text was updated successfully, but these errors were encountered: