Wrong host port when only X-Forwarded-Proto is present #2773

Merged
merged 5 commits into from
Apr 27, 2023

@pderop pderop commented Apr 14, 2023

Motivation:
When resolving forwarded headers (X-Forwarded/Forwarded), the following scenario seems to happen in Cloud Foundry:

  • you send an https request to a Cloud Foundry application, for example an actuator request: https://cloudfoundryapplication/actuator
  • the front-end proxy forwards the request to a Spring Boot application on non-secure http 8080
  • The request contains a Host header without any port, as well as an X-Forwarded-Proto: https header
  • in this case, the DefaultHttpForwardedHeaderHandler class will wrongly resolve the host port as 80 instead of 443, because the request is received on a non-secure connection.
  • And the JSON response then contains an unexpected 80 port appended in the actuator URLs:
{"_links":{"self":{"href":"https://cloudfoundryapplication:80/actuator","templated":false},"health-path":{"href":"https://cloudfoundryapplication:80/actuator/health/{*path}","templated":true},"health": ...

Have also applied the similar patch for Forwarded headers (like Forwarded: proto=https).
Fixes #2771
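
The scenario described above, as an added Java illustration that is not part of this PR and not reactor-netty's code: it resolves scheme, host and port from a Host header and X-Forwarded-Proto, once taking the default port from the connection's security (the reported behaviour) and once from the forwarded scheme. The class `ForwardedPortExample`, its methods, the `portFromScheme` switch and the URL rendering rule are assumptions made for the example.

```java
import java.util.Locale;

// Added illustration only; this is not reactor-netty's DefaultHttpForwardedHeaderHandler.
public class ForwardedPortExample {

    record Origin(String scheme, String host, int port) {
        // Assumed URL rendering: the port is printed only when it is not the scheme's default.
        String href(String path) {
            String authority = port == defaultPort(scheme) ? host : host + ":" + port;
            return scheme + "://" + authority + path;
        }
    }

    static int defaultPort(String scheme) {
        return "https".equals(scheme) || "wss".equals(scheme) ? 443 : 80;
    }

    /**
     * hostHeader: Host header value; forwardedProto: X-Forwarded-Proto value or null;
     * connectionSecure: whether the proxy-to-application hop uses TLS;
     * portFromScheme: false reproduces the reported behaviour, true the corrected one.
     */
    static Origin resolve(String hostHeader, String forwardedProto,
                          boolean connectionSecure, boolean portFromScheme) {
        String scheme = forwardedProto != null
                ? forwardedProto.trim().toLowerCase(Locale.ROOT)
                : (connectionSecure ? "https" : "http");
        // A port is present only if the last ':' comes after any IPv6 closing bracket.
        int colon = hostHeader.lastIndexOf(':');
        if (colon > hostHeader.lastIndexOf(']')) {
            int port = Integer.parseInt(hostHeader.substring(colon + 1));
            return new Origin(scheme, hostHeader.substring(0, colon), port);
        }
        int port = portFromScheme ? defaultPort(scheme) : (connectionSecure ? 443 : 80);
        return new Origin(scheme, hostHeader, port);
    }

    public static void main(String[] args) {
        // Constructed request matching the scenario: plain-HTTP hop, Host without a port.
        String host = "cloudfoundryapplication";
        System.out.println(resolve(host, "https", false, false).href("/actuator"));
        System.out.println(resolve(host, "https", false, true).href("/actuator"));
        // An explicit port in Host is kept regardless of the forwarded scheme.
        System.out.println(resolve(host + ":8080", "https", false, true).href("/actuator"));
    }
}
```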

…dedHeaderHandler. Having only Proto header should only affect HOST,X-Forwarded-Host,Forwarded host default port.
…ultHttpForwardedHeaderHandler (will create a new PR for this).

pderop commented Apr 26, 2023

In the previous commit, drastically simplified the logic of the patch, based on Violeta's suggestions given privately (thanks!)

@pderop pderop merged commit 8eefda0 into reactor:1.0.x Apr 27, 2023

pderop commented Apr 27, 2023

@violetagg, thanks for the review.

@pderop pderop deleted the 1.0.x-issue-2771 branch April 27, 2023 09:20
@violetagg violetagg changed the title Wrong host port 80 when only X-Forwarded-Proto: https is present Wrong host port when only X-Forwarded-Proto is present Apr 27, 2023
Labels
type/bug A general bug