-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve ForwardRequestCustomizer authority priority #5247
Comments
I noticed
|
Signed-off-by: Joakim Erdfelt <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
Opened PR #5247 to address this. This is the search order for request.authority in an incoming request now.
Key:
|
+ Merge ProxyPass tests from CheckReverseProxyHeadersTest into ForwardedRequestCustomizerTest + Deleted CheckReverseProxyHeadersTest.java + Add more tests for ForcedHost configuration + Updated ForwardedRequestCustomizer to conform to expectations Signed-off-by: Joakim Erdfelt <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
Signed-off-by: Joakim Erdfelt <[email protected]>
…er-priority Issue #5247 ForwardedRequestCustomizer authority order rework
Merged #5251 |
Jetty version
9.4.31
Description
The
ForwardedRequestCustomizer
has a torturous implementation of priority for how the authority (server name:port) is calculated.We should improve this to implement a clear priority of what header fields are interrogated, and under what order they resolve to an authority.
Bonus is an improved javadoc that documents this behavior.
On a brief discussion with @gregw the following priority for the Authority Host and Port were proposed.
Authority Host
Authority Port
I propose we track the authority host and port separately (not in a HostPort field).
Each with a priority int, that indicates where the last setting of those fields came from.
Then, we could change the MethodHandle calls to include a priority for when that specific field is encountered, ala
handlePort(int priority, HttpField field)
, and if the field (port in this case) was set, and from a lower priority then this call, then override it's value.When the full set of headers is done parsing, finally form the HostPort field from the separate host and port fields.
The text was updated successfully, but these errors were encountered: