Closed
Description
Thibaud Lepretre opened SPR-14372 and commented
Since 4.3.0.RELEASE, Spring offers a new filter, ForwardedHeaderFilter, to handle X-Forwarded-* headers (#18192).
However, the method shouldNotFilter uses a case-sensitive comparison:
    @Override
    protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
        Enumeration<String> headerNames = request.getHeaderNames();
        while (headerNames.hasMoreElements()) {
            String name = headerNames.nextElement();
            if (FORWARDED_HEADER_NAMES.contains(name)) {
                return false;
            }
        }
        return true;
    }
Whereas RFC7230 - 3.2 Header Fields says:
Each header field consists of a case-insensitive field name followed by a colon (":")
Regardless of RFC7230, with an NGinX configuration like
    proxy_set_header X-Forwarded-Hostname $http_host;
the header name, even with the correct case, will be transformed and the container will receive x-forwarded-hostname
Affects: 4.3 GA
Reference URL: https://github.com/kakawait/spr-14372
Issue Links:
- ForwardedHeaderFilter should support cases where contextPath should not be replaced with X-Forwarded-Prefix [SPR-14376] #18949
Referenced from: commits 919f6c9
1 votes, 2 watchers
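
The comparison described in this issue, reproduced as an added stand-alone example (not part of the original report and not Spring's own code): the same `shouldNotFilter` loop is run against a case-sensitive set and a case-insensitive one. The class name, the contents of the header-name list, the `TreeSet`-based alternative and the sample header names are assumptions made for illustration.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

public class ForwardedHeaderCaseDemo {

    // Assumed header names for illustration; the real set lives in ForwardedHeaderFilter.
    static final List<String> NAMES = Arrays.asList(
            "Forwarded", "X-Forwarded-Host", "X-Forwarded-Port", "X-Forwarded-Proto");

    // Same lookup style as the reported code: exact, case-sensitive match.
    static final Set<String> CASE_SENSITIVE = new HashSet<>(NAMES);

    // Alternative: a set ordered by String.CASE_INSENSITIVE_ORDER ignores case in contains().
    static final Set<String> CASE_INSENSITIVE = caseInsensitive(NAMES);

    static Set<String> caseInsensitive(List<String> names) {
        Set<String> set = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
        set.addAll(names);
        return set;
    }

    // Mirrors the loop from the issue, with the lookup set passed in.
    static boolean shouldNotFilter(Enumeration<String> headerNames, Set<String> forwardedNames) {
        while (headerNames.hasMoreElements()) {
            if (forwardedNames.contains(headerNames.nextElement())) {
                return false; // a forwarded header is present, so the filter must run
            }
        }
        return true; // nothing matched, so the filter is skipped
    }

    public static void main(String[] args) {
        // Constructed sample: header names as a container might expose them after lower-casing.
        List<String> received = Arrays.asList("host", "accept", "x-forwarded-host", "x-forwarded-proto");

        boolean skippedBefore = shouldNotFilter(Collections.enumeration(received), CASE_SENSITIVE);
        boolean skippedAfter = shouldNotFilter(Collections.enumeration(received), CASE_INSENSITIVE);

        System.out.println("case-sensitive lookup skips filter:   " + skippedBefore);
        System.out.println("case-insensitive lookup skips filter: " + skippedAfter);
    }
}
```

When the filter is skipped, the application keeps seeing the scheme, host and port of the proxy-to-container hop, so a regression test that sends lower-cased forwarded header names is a useful check for any deployment behind a proxy that normalizes header case.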