Skip to content

Consider port number when setting the host from the X-Forward-Host header #90

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

Consider port number when setting the host from the X-Forward-Host header #90

wants to merge 2 commits into from

Conversation

@frankbille
Copy link
Contributor

If we don't and we also use a port in the proxyTo address, we will end up with a host:port:port address causing an exception.

@frankbille
Consider a port number when setting the host from the X-Forward-Host …
7b0096a 
…header.

If we don't and we also use a port in the proxyTo address, we will end up with a host:port:port address causing an exception.
@frankbille
Unit test for showing that a host:port can be used in a X-Forward-Hos…
8a7f622 
…t header
@Laures
Copy link
Contributor

Laures commented Jun 26, 2013

can somebody explain why spring-hateoas cares for the x-forwarded header at all? shouldn't this be handled by the servlet container?

@frankbille
Copy link
Contributor Author

Not really, this seems like a hack, but it caused a problem for me. If it can be simplified and have the servlet container handle it it would be better for me. I just don't have the overview of it is possible.

@Laures
Copy link
Contributor

Laures commented Jun 26, 2013

i can give you an example for jetty. if you set forwarded=true on the configured http-connector jetty will set the x-forwarded-proto header value in the current httpservlet request. for tomcat there is the RemoteIpValve that does something similar.

as a framework i would expect the current servlet request to contain the uri/port as it is seen by the client.

EDIT: of cause both configs only have an effect when the header is set

@odrotbohm
Copy link
Member

Thanks for the patch. I've filed SPR-10718 to get this fixed in the framework going forward. To apply the fix against Spring HATEOAS, would you mind singing the CLA and report the reference number back?

odrotbohm pushed a commit that referenced this pull request Jul 3, 2013
@frankbille @odrotbohm
#90 - Fixed port handling in X-Forwarded-Host treatment.
c5caea5 
ControllerLinkBuilder now correctly uses the X-Fowarded-Host header by inspecting it for a port being set and configuring the discovered one on the ServletUriComponentsBuilder created.

Also added that the first host listed in the header is used.
@frankbille
Copy link
Contributor Author

No problem. I agree with Laures, that it is annoying that we have to consider the proxy in front of the server, but f.ex. on Google App Engine, it doesn't handle it for us. So either the core Spring framework or it's modules has to.

I signed the CLA, and got this confirmation number: 58420130704035452

@ghost ghost assigned odrotbohm Jul 16, 2013
@odrotbohm odrotbohm closed this Jul 16, 2013
@frankbille frankbille deleted the forward-host-with-port branch July 17, 2013 11:27
@spring-projects-issues spring-projects-issues mentioned this pull request Jan 11, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@odrotbohm odrotbohm

Labels

None yet

Projects

None yet

Milestone

0.7

Development

Successfully merging this pull request may close these issues.

3 participants

@frankbille @Laures @odrotbohm