Solve troubles with chained X-Forwarded headers.

X-Forwarded-Proto can be a list ie. https, http when two proxy servers are used. This patch makes sure that generated response uses first host/values.
opensmarthouse · Jul 5, 2021 · cae6d2c · cae6d2c
1 parent e33032a
commit cae6d2c
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/....io.rest.item/src/main/java/org/openhab/core/io/rest/core/internal/item/ItemResource.java b/....io.rest.item/src/main/java/org/openhab/core/io/rest/core/internal/item/ItemResource.java
@@ -149,13 +149,21 @@ public class ItemResource implements RESTResource {
      */
     private static void respectForwarded(final UriBuilder uriBuilder, final @Context HttpHeaders httpHeaders) {
         Optional.ofNullable(httpHeaders.getHeaderString("X-Forwarded-Host")).ifPresent(host -> {
+            if (host.contains(",")) {
+                host = host.split(",")[0];
+            }
             final String[] parts = host.split(":");
             uriBuilder.host(parts[0]);
             if (parts.length > 1) {
                 uriBuilder.port(Integer.parseInt(parts[1]));
             }
         });
-        Optional.ofNullable(httpHeaders.getHeaderString("X-Forwarded-Proto")).ifPresent(uriBuilder::scheme);
+        Optional.ofNullable(httpHeaders.getHeaderString("X-Forwarded-Proto")).map(scheme -> {
+            if (scheme.contains(",")) {
+                return scheme.split(",")[0];
+            }
+            return scheme;
+        }).ifPresent(uriBuilder::scheme);
     }
 
     private final Logger logger = LoggerFactory.getLogger(ItemResource.class);