Do not tokenize Forward header value

This commit remove the tokenization previously used in UriComponentsBuilder#adaptFromForwardedHeaders, in order to support Forwarded headers that have multiple, comma-separated 'for' elements. Closes gh-25737
2020-09-09 16:31:24 +02:00 · 2020-09-09 16:31:24 +02:00 · 07d2c08f48
parent ed3b7cd10f
commit 07d2c08f48
2 changed files with 22 additions and 3 deletions
--- a/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
+++ b/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java
@ -754,8 +754,7 @@ public class UriComponentsBuilder implements UriBuilder, Cloneable {
 		try {
 			String forwardedHeader = headers.getFirst("Forwarded");
 			if (StringUtils.hasText(forwardedHeader)) {
-				String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
-				Matcher matcher = FORWARDED_PROTO_PATTERN.matcher(forwardedToUse);
+				Matcher matcher = FORWARDED_PROTO_PATTERN.matcher(forwardedHeader);
 				if (matcher.find()) {
 					scheme(matcher.group(1).trim());
 					port(null);
@ -764,7 +763,7 @@ public class UriComponentsBuilder implements UriBuilder, Cloneable {
 					scheme("https");
 					port(null);
 				}
-				matcher = FORWARDED_HOST_PATTERN.matcher(forwardedToUse);
+				matcher = FORWARDED_HOST_PATTERN.matcher(forwardedHeader);
 				if (matcher.find()) {
 					adaptForwardedHost(matcher.group(1).trim());
 				}
--- a/spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java
+++ b/spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java
@ -1114,6 +1114,26 @@ class UriComponentsBuilderTests {
 		assertThat(result.toUriString()).isEqualTo("https://example.com/rest/mobile/users/1");
 	}

+	@Test // gh-25737
+	void fromHttpRequestForwardedHeaderComma() {
+		MockHttpServletRequest request = new MockHttpServletRequest();
+		request.addHeader("Forwarded", "for=192.0.2.0,for=192.0.2.1;proto=https;host=192.0.2.3:9090");
+		request.setScheme("http");
+		request.setServerPort(8080);
+		request.setServerName("example.com");
+		request.setRequestURI("/rest/mobile/users/1");
+
+		HttpRequest httpRequest = new ServletServerHttpRequest(request);
+		UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build();
+
+		assertThat(result.getScheme()).isEqualTo("https");
+		assertThat(result.getHost()).isEqualTo("192.0.2.3");
+		assertThat(result.getPath()).isEqualTo("/rest/mobile/users/1");
+		assertThat(result.getPort()).isEqualTo(9090);
+		assertThat(result.toUriString()).isEqualTo("https://192.0.2.3:9090/rest/mobile/users/1");
+	}
+
+
 	@Test  // SPR-16364
 	void uriComponentsNotEqualAfterNormalization() {
 		UriComponents uri1 = UriComponentsBuilder.fromUriString("http://test.com").build().normalize();