An empty X-Forwarded-Prefix with a path containing escape sequences leads to exceptions.
This commit is contained in:
committed by
Rossen Stoyanchev
parent
2b94205ba9
commit
4973e110ee
@@ -96,7 +96,7 @@ public class ForwardedHeaderTransformer implements Function<ServerHttpRequest, S
|
||||
builder.uri(uri);
|
||||
String prefix = getForwardedPrefix(request);
|
||||
if (prefix != null) {
|
||||
builder.path(prefix + uri.getPath());
|
||||
builder.path(prefix + uri.getRawPath());
|
||||
builder.contextPath(prefix);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -90,6 +90,22 @@ public class ForwardedHeaderTransformerTests {
|
||||
assertForwardedHeadersRemoved(request);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void emptyXForwardedPrefixShouldNotLeadToDecodedPath() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
headers.add("X-Forwarded-Prefix", "");
|
||||
ServerHttpRequest request = MockServerHttpRequest
|
||||
.method(HttpMethod.GET, new URI("https://example.com/a%20b?q=a%2Bb"))
|
||||
.headers(headers)
|
||||
.build();
|
||||
|
||||
request = this.requestMutator.apply(request);
|
||||
|
||||
assertThat(request.getURI()).isEqualTo(new URI("https://example.com/a%20b?q=a%2Bb"));
|
||||
assertThat(request.getPath().value()).isEqualTo("/a%20b");
|
||||
assertForwardedHeadersRemoved(request);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void xForwardedPrefixTrailingSlash() throws Exception {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
|
||||
Reference in New Issue
Block a user