Fixes #842 - Implement RFC7239 support in Proxy and Middleman.

Updated ee10/ee11 AbstractProxyServlet to use the `Forwarded` header rather than the now deprecated `X-Forwarded-For` headers.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>

jetty-ee10/jetty-ee10-proxy/src/main/java/org/eclipse/jetty/ee10/proxy/AbstractProxyServlet.java

@@ -383,7 +383,7 @@ private Set<String> parseList(String list)
         for (String host : hosts)
         {
             host = host.trim();
-            if (host.length() == 0)
+            if (host.isEmpty())
                 continue;
             result.add(host);
         }
@@ -538,7 +538,7 @@ protected Set<String> findConnectionHeaders(HttpServletRequest clientRequest)
     protected void addProxyHeaders(HttpServletRequest clientRequest, Request proxyRequest)
     {
         addViaHeader(proxyRequest);
-        addXForwardedHeaders(clientRequest, proxyRequest);
+        addForwardedHeader(clientRequest, proxyRequest);
     }
 
     /**
@@ -580,23 +580,43 @@ protected void addViaHeader(HttpServletRequest clientRequest, Request proxyReque
                 .flatMap(field -> Stream.of(field.getValues()))
                 .filter(value -> !StringUtil.isBlank(value))
                 .collect(Collectors.joining(separator));
-            if (newValue.length() > 0)
+            if (!newValue.isEmpty())
                 newValue += separator;
             newValue += viaHeaderValue;
             return new HttpField(HttpHeader.VIA, newValue);
         }));
     }
 
-    protected void addXForwardedHeaders(HttpServletRequest clientRequest, Request proxyRequest)
-    {
-        proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_FOR, clientRequest.getRemoteAddr()));
-        proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_PROTO, clientRequest.getScheme()));
-        String hostHeader = clientRequest.getHeader(HttpHeader.HOST.asString());
-        if (hostHeader != null)
-            proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_HOST, hostHeader));
-        String localName = clientRequest.getLocalName();
-        if (localName != null)
-            proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_SERVER, localName));
+    protected void addForwardedHeader(HttpServletRequest clientRequest, Request proxyRequest)
+    {
+        String byAttr = clientRequest.getLocalAddr();
+        String forAttr = clientRequest.getRemoteAddr();
+        String hostAttr = clientRequest.getHeader(HttpHeader.HOST.asString());
+        String scheme = clientRequest.getScheme();
+        String protoAttr = scheme == null ? (clientRequest.isSecure() ? "https" : "http") : scheme;
+        String forwardedValue = "by=%s;for=%s;host=%s;proto=%s".formatted(
+            HttpField.PARAMETER_TOKENIZER.quote(byAttr),
+            HttpField.PARAMETER_TOKENIZER.quote(forAttr),
+            HttpField.PARAMETER_TOKENIZER.quote(hostAttr),
+            protoAttr
+        );
+        proxyRequest.headers(headers -> headers.computeField(HttpHeader.FORWARDED, (header, fields) ->
+        {
+            String newValue;
+            if (fields == null || fields.isEmpty())
+            {
+                newValue = forwardedValue;
+            }
+            else
+            {
+                String separator = ", ";
+                newValue = fields.stream()
+                    .flatMap(field -> field.getValueList().stream())
+                    .collect(Collectors.joining(separator));
+                newValue += separator + forwardedValue;
+            }
+            return new HttpField(HttpHeader.FORWARDED, newValue);
+        }));
     }
 
     protected void sendProxyRequest(HttpServletRequest clientRequest, HttpServletResponse proxyResponse, Request proxyRequest)

jetty-ee10/jetty-ee10-proxy/src/test/java/org/eclipse/jetty/ee10/proxy/ProxyServletTest.java

@@ -572,17 +572,17 @@ public void testProxyXForwardedHostHeaderIsPresent(Class<? extends ProxyServlet>
             protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException
             {
                 PrintWriter writer = resp.getWriter();
-                writer.write(req.getHeader("X-Forwarded-Host"));
+                writer.write(req.getHeader(HttpHeader.FORWARDED.asString()));
                 writer.flush();
             }
         });
         startProxy(proxyServletClass);
         startClient();
 
         ContentResponse response = client.GET("http://localhost:" + serverConnector.getLocalPort());
-        assertThat("Response expected to contain content of X-Forwarded-Host Header from the request",
+        assertThat("Response expected to contain content of Forwarded header from the request",
             response.getContentAsString(),
-            equalTo("localhost:" + serverConnector.getLocalPort()));
+            containsString("localhost:" + serverConnector.getLocalPort()));
     }
 
     @ParameterizedTest

jetty-ee11/jetty-ee11-proxy/src/main/java/org/eclipse/jetty/ee11/proxy/AbstractProxyServlet.java

@@ -383,7 +383,7 @@ private Set<String> parseList(String list)
         for (String host : hosts)
         {
             host = host.trim();
-            if (host.length() == 0)
+            if (host.isEmpty())
                 continue;
             result.add(host);
         }
@@ -538,7 +538,7 @@ protected Set<String> findConnectionHeaders(HttpServletRequest clientRequest)
     protected void addProxyHeaders(HttpServletRequest clientRequest, Request proxyRequest)
     {
         addViaHeader(proxyRequest);
-        addXForwardedHeaders(clientRequest, proxyRequest);
+        addForwardedHeader(clientRequest, proxyRequest);
     }
 
     /**
@@ -580,23 +580,43 @@ protected void addViaHeader(HttpServletRequest clientRequest, Request proxyReque
                 .flatMap(field -> Stream.of(field.getValues()))
                 .filter(value -> !StringUtil.isBlank(value))
                 .collect(Collectors.joining(separator));
-            if (newValue.length() > 0)
+            if (!newValue.isEmpty())
                 newValue += separator;
             newValue += viaHeaderValue;
             return new HttpField(HttpHeader.VIA, newValue);
         }));
     }
 
-    protected void addXForwardedHeaders(HttpServletRequest clientRequest, Request proxyRequest)
-    {
-        proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_FOR, clientRequest.getRemoteAddr()));
-        proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_PROTO, clientRequest.getScheme()));
-        String hostHeader = clientRequest.getHeader(HttpHeader.HOST.asString());
-        if (hostHeader != null)
-            proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_HOST, hostHeader));
-        String localName = clientRequest.getLocalName();
-        if (localName != null)
-            proxyRequest.headers(headers -> headers.add(HttpHeader.X_FORWARDED_SERVER, localName));
+    protected void addForwardedHeader(HttpServletRequest clientRequest, Request proxyRequest)
+    {
+        String byAttr = clientRequest.getLocalAddr();
+        String forAttr = clientRequest.getRemoteAddr();
+        String hostAttr = clientRequest.getHeader(HttpHeader.HOST.asString());
+        String scheme = clientRequest.getScheme();
+        String protoAttr = scheme == null ? (clientRequest.isSecure() ? "https" : "http") : scheme;
+        String forwardedValue = "by=%s;for=%s;host=%s;proto=%s".formatted(
+            HttpField.PARAMETER_TOKENIZER.quote(byAttr),
+            HttpField.PARAMETER_TOKENIZER.quote(forAttr),
+            HttpField.PARAMETER_TOKENIZER.quote(hostAttr),
+            protoAttr
+        );
+        proxyRequest.headers(headers -> headers.computeField(HttpHeader.FORWARDED, (header, fields) ->
+        {
+            String newValue;
+            if (fields == null || fields.isEmpty())
+            {
+                newValue = forwardedValue;
+            }
+            else
+            {
+                String separator = ", ";
+                newValue = fields.stream()
+                    .flatMap(field -> field.getValueList().stream())
+                    .collect(Collectors.joining(separator));
+                newValue += separator + forwardedValue;
+            }
+            return new HttpField(HttpHeader.FORWARDED, newValue);
+        }));
     }
 
     protected void sendProxyRequest(HttpServletRequest clientRequest, HttpServletResponse proxyResponse, Request proxyRequest)

jetty-ee11/jetty-ee11-proxy/src/test/java/org/eclipse/jetty/ee11/proxy/ProxyServletTest.java

@@ -572,17 +572,17 @@ public void testProxyXForwardedHostHeaderIsPresent(Class<? extends ProxyServlet>
             protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException
             {
                 PrintWriter writer = resp.getWriter();
-                writer.write(req.getHeader("X-Forwarded-Host"));
+                writer.write(req.getHeader(HttpHeader.FORWARDED.asString()));
                 writer.flush();
             }
         });
         startProxy(proxyServletClass);
         startClient();
 
         ContentResponse response = client.GET("http://localhost:" + serverConnector.getLocalPort());
-        assertThat("Response expected to contain content of X-Forwarded-Host Header from the request",
+        assertThat("Response expected to contain content of Forwarded header from the request",
             response.getContentAsString(),
-            equalTo("localhost:" + serverConnector.getLocalPort()));
+            containsString("localhost:" + serverConnector.getLocalPort()));
     }
 
     @ParameterizedTest