You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to the RFC7239 specification, syntax for Forwarded Header is as follows: Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>
This values are used by Spring (all recent versions), if present, in order to reflect the client-originated protocol and address (when allowed through a configuration). There is a problem when using multiple values in this header:
# Multiple values can be appended using a comma
Forwarded: for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10
The code in UriComponentsBuilder#adaptFromForwardedHeaders:798-800 is getting the first Forwarded Header, if multiple are found, split it by comma and use only the first part:
In our case we have result value - Forwarded: for=192.0.2.43 where all useful information is trimmed.
Is this really an issue or there is something that I am missing?
The text was updated successfully, but these errors were encountered:
According to the RFC7239 specification, syntax for Forwarded Header is as follows:
Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>
This values are used by Spring (all recent versions), if present, in order to reflect the client-originated protocol and address (when allowed through a configuration). There is a problem when using multiple values in this header:
The code in
UriComponentsBuilder#adaptFromForwardedHeaders:798-800
is getting the first Forwarded Header, if multiple are found, split it by comma and use only the first part:spring-framework/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
Line 800 in a4dc13a
In our case we have result value -
Forwarded: for=192.0.2.43
where all useful information is trimmed.Is this really an issue or there is something that I am missing?
The text was updated successfully, but these errors were encountered: