在Spring中关于转发标头和多个值的问题

huangapple go评论97阅读模式
英文:

Issue with Forwarded Header and Multiple Values in Spring

问题

根据RFC7239规范转发头部的语法如下:

Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>

这些值由Spring(所有最近的版本)在存在时使用,以便反映客户端发起的协议和地址(当允许通过配置时)。在使用多个值的情况下存在问题:

# 可以使用逗号添加多个值
Forwarded: for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10

UriComponentsBuilder#adaptFromForwardedHeaders:798-800中的代码中,如果找到多个转发头部,它会获取第一个,然后通过逗号拆分并仅使用第一个部分:

UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
    try {
        String forwardedHeader = headers.getFirst("Forwarded");
        if (StringUtils.hasText(forwardedHeader)) {
            String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
            ....
}

使用上述示例,forwardedToUse变量变为Forwarded: for=192.0.2.43,其中修剪了所有有用的信息。

这真的是一个问题吗?还是有什么我忽略的地方?如果这确实是一个问题,我该如何处理?非常感谢!

英文:

According to the RFC7239 specification, syntax for Forwarded Header is as follows:

Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>

These values are used by Spring (all recent versions), if present, in order to reflect the client-originated protocol and address (when allowed through a configuration). There is a problem when using multiple values in this header:

# Multiple values can be appended using a comma
Forwarded: for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10

The code in UriComponentsBuilder#adaptFromForwardedHeaders:798-800 gets the first Forwarded Header, if multiple are found, splits it by comma and uses only the first part:

	UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
		try {
			String forwardedHeader = headers.getFirst("Forwarded");
			if (StringUtils.hasText(forwardedHeader)) {
				String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
                ....
	}

Using the example above, the forwardedToUse variable becomes Forwarded: for=192.0.2.43 where all useful information is trimmed.

Is this really an issue or there is something that I am missing? And if this is really a problem, how can I deal with it.
Thanks a lot in advance!

答案1

得分: 1

似乎在Spring中存在一个关于Forwarded头部的问题,特别是在存在多个值的情况下。该问题已经通过下面的提交进行了修复,并将在下一个版本中提供:

英文:

It seems that there is an issue in Spring with Forwarded header in case of multiple values. It is fixed with the commit below and will be available in next release:

huangapple
  • 本文由 发表于 2020年9月8日 17:44:23
  • 转载请务必保留本文链接:https://go.coder-hub.com/63791283.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定