Support multi-value x-forwarded-host header

Issue: SPR-11140

Author: rstoyanchev

spring-webmvc/src/main/java/org/springframework/web/servlet/support/ServletUriComponentsBuilder.java

@@ -96,16 +96,18 @@ public static ServletUriComponentsBuilder fromRequest(HttpServletRequest request
 		int port = request.getServerPort();
 		String host = request.getServerName();
 
-		String xForwardedHostHeader = request.getHeader("X-Forwarded-Host");
+		String header = request.getHeader("X-Forwarded-Host");
 
-		if (StringUtils.hasText(xForwardedHostHeader)) {
-			if (StringUtils.countOccurrencesOf(xForwardedHostHeader, ":") == 1) {
-				String[] hostAndPort = StringUtils.split(xForwardedHostHeader, ":");
+		if (StringUtils.hasText(header)) {
+			String[] hosts = StringUtils.commaDelimitedListToStringArray(header);
+			String hostToUse = hosts[0];
+			if (hostToUse.contains(":")) {
+				String[] hostAndPort = StringUtils.split(hostToUse, ":");
 				host  = hostAndPort[0];
 				port = Integer.parseInt(hostAndPort[1]);
 			}
 			else {
-				host = xForwardedHostHeader;
+				host = hostToUse;
 			}
 		}
 

spring-webmvc/src/test/java/org/springframework/web/servlet/support/ServletUriComponentsBuilderTests.java

@@ -107,6 +107,15 @@ public void fromRequestWithForwardedHostAndPortHeader() {
 		assertEquals(443, result.getPort());
 	}
 
+	// SPR-11140
+
+	@Test
+	public void fromRequestWithForwardedHostMultiValuedHeader() {
+		this.request.addHeader("X-Forwarded-Host", "a.example.org, b.example.org, c.example.org");
+
+		assertEquals("a.example.org", ServletUriComponentsBuilder.fromRequest(this.request).build().getHost());
+	}
+
 	@Test
 	public void fromContextPath() {
 		request.setRequestURI("/mvc-showcase/data/param");