An empty X-Forwarded-Prefix with a path containing escape sequences leads to exceptions.

This commit is contained in:
Andreas Kluth
2019-07-17 15:41:25 +02:00
committed by Rossen Stoyanchev
parent 2b94205ba9
commit 4973e110ee
2 changed files with 17 additions and 1 deletions

View File

@@ -96,7 +96,7 @@ public class ForwardedHeaderTransformer implements Function<ServerHttpRequest, S
builder.uri(uri);
String prefix = getForwardedPrefix(request);
if (prefix != null) {
builder.path(prefix + uri.getPath());
builder.path(prefix + uri.getRawPath());
builder.contextPath(prefix);
}
}

View File

@@ -90,6 +90,22 @@ public class ForwardedHeaderTransformerTests {
assertForwardedHeadersRemoved(request);
}
@Test
public void emptyXForwardedPrefixShouldNotLeadToDecodedPath() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.add("X-Forwarded-Prefix", "");
ServerHttpRequest request = MockServerHttpRequest
.method(HttpMethod.GET, new URI("https://example.com/a%20b?q=a%2Bb"))
.headers(headers)
.build();
request = this.requestMutator.apply(request);
assertThat(request.getURI()).isEqualTo(new URI("https://example.com/a%20b?q=a%2Bb"));
assertThat(request.getPath().value()).isEqualTo("/a%20b");
assertForwardedHeadersRemoved(request);
}
@Test
public void xForwardedPrefixTrailingSlash() throws Exception {
HttpHeaders headers = new HttpHeaders();