Do not tokenize Forward header value

This commit remove the tokenization previously used in
UriComponentsBuilder#adaptFromForwardedHeaders, in order to support
Forwarded headers that have multiple, comma-separated 'for' elements.

Closes gh-25737
This commit is contained in:
Arjen Poutsma
2020-09-09 16:31:24 +02:00
parent ed3b7cd10f
commit 07d2c08f48
2 changed files with 22 additions and 3 deletions

View File

@@ -1114,6 +1114,26 @@ class UriComponentsBuilderTests {
assertThat(result.toUriString()).isEqualTo("https://example.com/rest/mobile/users/1");
}
@Test // gh-25737
void fromHttpRequestForwardedHeaderComma() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.addHeader("Forwarded", "for=192.0.2.0,for=192.0.2.1;proto=https;host=192.0.2.3:9090");
request.setScheme("http");
request.setServerPort(8080);
request.setServerName("example.com");
request.setRequestURI("/rest/mobile/users/1");
HttpRequest httpRequest = new ServletServerHttpRequest(request);
UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build();
assertThat(result.getScheme()).isEqualTo("https");
assertThat(result.getHost()).isEqualTo("192.0.2.3");
assertThat(result.getPath()).isEqualTo("/rest/mobile/users/1");
assertThat(result.getPort()).isEqualTo(9090);
assertThat(result.toUriString()).isEqualTo("https://192.0.2.3:9090/rest/mobile/users/1");
}
@Test // SPR-16364
void uriComponentsNotEqualAfterNormalization() {
UriComponents uri1 = UriComponentsBuilder.fromUriString("http://test.com").build().normalize();