Issue with Forwarded Header and Multiple Values in Spring
Question
According to the RFC 7239 specification, the syntax for the Forwarded header is as follows:
Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>
These values are used by Spring (all recent versions), if present, in order to reflect the client-originated protocol and address (when allowed through a configuration). There is a problem when using multiple values in this header:
# Multiple values can be appended using a comma
Forwarded: for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10
The code in UriComponentsBuilder#adaptFromForwardedHeaders:798-800 gets the first Forwarded Header, if multiple are found, splits it by comma and uses only the first part:
    UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
        try {
            String forwardedHeader = headers.getFirst("Forwarded");
            if (StringUtils.hasText(forwardedHeader)) {
                String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
                ....
    }
Using the example above, the forwardedToUse variable becomes Forwarded: for=192.0.2.43 where all useful information is trimmed.
Is this really an issue, or is there something that I am missing? And if this is really a problem, how can I deal with it?
Thanks a lot in advance!
Answer 1
Score: 1
It seems that there is an issue in Spring with the Forwarded header in case of multiple values. It is fixed with the commit below and will be available in the next release:
- GitHub Issue: Issue with Forwarded Header and Multiple Values
- Spring Framework Commit: Do not tokenize Forward header value
- Release: Spring 5.2.9.RELEASE
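
Added example (not from the original post and not Spring's own code): a small RFC 7239 parser in plain Java. It shows that, for the header in the question, the text before the first comma carries only `for`, while `proto` and `host` sit in the second element. The class and method names are hypothetical, looking each parameter up across all elements is one possible policy assumed here, and backslash escapes inside quoted values are not handled.

```java
import java.util.*;

public class ForwardedHeaderDemo {
    // Split on a delimiter, ignoring delimiters inside double-quoted values.
    static List<String> split(String s, char delim) {
        List<String> parts = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (char c : s.toCharArray()) {
            if (c == '"') quoted = !quoted;
            if (c == delim && !quoted) {
                parts.add(cur.toString().trim());
                cur.setLength(0);
            } else {
                cur.append(c);
            }
        }
        parts.add(cur.toString().trim());
        return parts;
    }

    // One map per comma-separated element; keys lower-cased, outer quotes removed.
    static List<Map<String, String>> parse(String header) {
        List<Map<String, String>> elements = new ArrayList<>();
        for (String element : split(header, ',')) {
            Map<String, String> pairs = new LinkedHashMap<>();
            for (String pair : split(element, ';')) {
                int eq = pair.indexOf('=');
                if (eq <= 0) continue; // skip empty or malformed pairs
                String value = pair.substring(eq + 1).trim().replaceAll("^\"|\"$", "");
                pairs.put(pair.substring(0, eq).trim().toLowerCase(Locale.ROOT), value);
            }
            elements.add(pairs);
        }
        return elements;
    }

    // First occurrence of a parameter anywhere in the header value (assumed policy).
    static String first(List<Map<String, String>> elements, String name) {
        for (Map<String, String> e : elements)
            if (e.containsKey(name)) return e.get(name);
        return null;
    }

    public static void main(String[] args) {
        // Header value taken from the question above.
        String header = "for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10";
        List<Map<String, String>> elements = parse(header);
        System.out.println("first element only: " + elements.get(0));
        System.out.println("proto=" + first(elements, "proto") + " host=" + first(elements, "host"));
    }
}
```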