ForwardedHeaderTransformer tries to build a URI from a decoded path when X-Forwarded-Prefix is set #23306

AndreasKl · 2019-07-17T13:53:49Z

When setting an X-Forwarded-Prefix and having an request URI that contains escape sequences like %23 an URISyntaxException exception is thrown from java.net.URI$Parser.parse in ForwardedHeaderTransformer as the path is decoded in ForwardedHeaderTransformer:

exception: "java.lang.IllegalStateException: Invalid URI path: "[...]/api/redeliveries/SN23#23232323#23"
	at org.springframework.http.server.reactive.DefaultServerHttpRequestBuilder.getUriToUse(DefaultServerHttpRequestBuilder.java:172)
	at org.springframework.http.server.reactive.DefaultServerHttpRequestBuilder.build(DefaultServerHttpRequestBuilder.java:134)
	at org.springframework.web.server.adapter.ForwardedHeaderTransformer.apply(ForwardedHeaderTransformer.java:104)
	at org.springframework.web.server.adapter.HttpWebHandlerAdapter.handle(HttpWebHandlerAdapter.java:227)
	at org.springframework.boot.web.reactive.context.ReactiveWebServerApplicationContext$ServerManager.handle(ReactiveWebServerApplicationContext.java:205)
	at org.springframework.http.server.reactive.ReactorHttpHandlerAdapter.apply(ReactorHttpHandlerAdapter.java:65)
	at org.springframework.http.server.reactive.ReactorHttpHandlerAdapter.apply(ReactorHttpHandlerAdapter.java:40)
	at reactor.netty.http.server.HttpServerHandle.onStateChange(HttpServerHandle.java:63)
[snip]
Caused by: java.net.URISyntaxException: Illegal character in fragment at index 102: [...]/api/redeliveries/SN23#23232323#23
	at java.base/java.net.URI$Parser.fail(Unknown Source)
	at java.base/java.net.URI$Parser.checkChars(Unknown Source)
	at java.base/java.net.URI$Parser.parse(Unknown Source)
	at java.base/java.net.URI.<init>(Unknown Source)
	at org.springframework.http.server.reactive.DefaultServerHttpRequestBuilder.getUriToUse(DefaultServerHttpRequestBuilder.java:169)
	... 34 common frames omitted

PR: #23305

The text was updated successfully, but these errors were encountered:

rstoyanchev · 2019-07-18T09:40:33Z

Thanks for the report and PR. Note for the future that you don't have to create both, and if you do we close the issue as superseded by the PR. The issue can be described on the PR instead.

spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jul 17, 2019

AndreasKl mentioned this issue Jul 17, 2019

ForwardedHeaderTransformer preserves escape sequences when applying X-Forwarded-Prefix #23305

Closed

rstoyanchev added status: superseded An issue that has been superseded by another and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jul 18, 2019

rstoyanchev closed this as completed Jul 18, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ForwardedHeaderTransformer tries to build a URI from a decoded path when X-Forwarded-Prefix is set #23306

ForwardedHeaderTransformer tries to build a URI from a decoded path when X-Forwarded-Prefix is set #23306

AndreasKl commented Jul 17, 2019 •

edited

rstoyanchev commented Jul 18, 2019

ForwardedHeaderTransformer tries to build a URI from a decoded path when X-Forwarded-Prefix is set #23306

ForwardedHeaderTransformer tries to build a URI from a decoded path when X-Forwarded-Prefix is set #23306

Comments

AndreasKl commented Jul 17, 2019 • edited

rstoyanchev commented Jul 18, 2019

AndreasKl commented Jul 17, 2019 •

edited