root
/
spring-boot
mirror of https://github.com/spring-projects/spring-boot.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

Drop protocolHeader and remoteIpHeader defaults 

The `protocolHeader` and `remoteIpHeader` no longer have default values
and must be opt-in.

Fixes gh-1624
This commit is contained in:
Phillip Webb 2014-09-25 12:58:23 -07:00
parent 72ef1d6554
commit 0dc46a2fe7
2 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java
View File

@ -207,9 +207,9 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer {
+ "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16
+ "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"; // 127/8
private String protocolHeader = "x-forwarded-proto";
private String protocolHeader;
private String remoteIpHeader = "x-forwarded-for";
private String remoteIpHeader;
private File basedir;

6
spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java
View File

@ -147,6 +147,12 @@ public class ServerPropertiesTests {
@Test
public void defaultTomcatRemoteIpValve() throws Exception {
Map<String, String> map = new HashMap<String, String>();
// Since 1.1.7 you need to specify at least the protocol and ip properties
map.put("server.tomcat.protocol_header", "x-forwarded-proto");
map.put("server.tomcat.remote_ip_header", "x-forwarded-for");
bindProperties(map);
TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory();
this.properties.customize(container);