Skip to content

Commit 3bd96a6

Browse files
poutsmapoutsma
committed
Merge branch '5.2.x' into master
2 parents fe69620 + 07d2c08 commit 3bd96a6

File tree

2 files changed

+22
-3
lines changed

2 files changed

+22
-3
lines changed

spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -806,8 +806,7 @@ UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
806806
try {
807807
String forwardedHeader = headers.getFirst("Forwarded");
808808
if (StringUtils.hasText(forwardedHeader)) {
809-
String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
810-
Matcher matcher = FORWARDED_PROTO_PATTERN.matcher(forwardedToUse);
809+
Matcher matcher = FORWARDED_PROTO_PATTERN.matcher(forwardedHeader);
811810
if (matcher.find()) {
812811
scheme(matcher.group(1).trim());
813812
port(null);
@@ -816,7 +815,7 @@ else if (isForwardedSslOn(headers)) {
816815
scheme("https");
817816
port(null);
818817
}
819-
matcher = FORWARDED_HOST_PATTERN.matcher(forwardedToUse);
818+
matcher = FORWARDED_HOST_PATTERN.matcher(forwardedHeader);
820819
if (matcher.find()) {
821820
adaptForwardedHost(matcher.group(1).trim());
822821
}

spring-web/src/test/java/org/springframework/web/util/UriComponentsBuilderTests.java

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1120,6 +1120,26 @@ void fromHttpRequestForwardedHeaderWithProtoAndServerPort() {
11201120
assertThat(result.toUriString()).isEqualTo("https://example.com/rest/mobile/users/1");
11211121
}
11221122

1123+
@Test // gh-25737
1124+
void fromHttpRequestForwardedHeaderComma() {
1125+
MockHttpServletRequest request = new MockHttpServletRequest();
1126+
request.addHeader("Forwarded", "for=192.0.2.0,for=192.0.2.1;proto=https;host=192.0.2.3:9090");
1127+
request.setScheme("http");
1128+
request.setServerPort(8080);
1129+
request.setServerName("example.com");
1130+
request.setRequestURI("/rest/mobile/users/1");
1131+
1132+
HttpRequest httpRequest = new ServletServerHttpRequest(request);
1133+
UriComponents result = UriComponentsBuilder.fromHttpRequest(httpRequest).build();
1134+
1135+
assertThat(result.getScheme()).isEqualTo("https");
1136+
assertThat(result.getHost()).isEqualTo("192.0.2.3");
1137+
assertThat(result.getPath()).isEqualTo("/rest/mobile/users/1");
1138+
assertThat(result.getPort()).isEqualTo(9090);
1139+
assertThat(result.toUriString()).isEqualTo("https://192.0.2.3:9090/rest/mobile/users/1");
1140+
}
1141+
1142+
11231143
@Test // SPR-16364
11241144
void uriComponentsNotEqualAfterNormalization() {
11251145
UriComponents uri1 = UriComponentsBuilder.fromUriString("http://test.com").build().normalize();

0 commit comments

Comments
 (0)