You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by re...@apache.org on 2018/07/07 16:16:30 UTC
[cxf] branch master updated: Consider the outermost proxy in
X-Forwarded-Host (#429)
This is an automated email from the ASF dual-hosted git repository.
reta pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new ce29d14 Consider the outermost proxy in X-Forwarded-Host (#429)
ce29d14 is described below
commit ce29d14c08f961a83b14e6bac0d784ee8507d604
Author: mo7ty <mo...@users.noreply.github.com>
AuthorDate: Sat Jul 7 17:16:24 2018 +0100
Consider the outermost proxy in X-Forwarded-Host (#429)
When behind more than one reverse proxy, each can add a new entry in X-Forwarded-Host, resulting in:
> X-Forwarded-Host: host1, host2
Consider the outermost proxy/host ('host1') like done for 'originalRemoteAddr'.
---
.../java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
index f3a466e..eee121c 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/AbstractHTTPServlet.java
@@ -484,10 +484,11 @@ public abstract class AbstractHTTPServlet extends HttpServlet implements Filter
newRemoteAddr = (originalRemoteAddr.split(",")[0]).trim();
}
newRequestUri = calculateNewRequestUri(request, originalPrefix);
+ String outermostHost = (originalHost.split(",")[0]).trim();
newRequestUrl = calculateNewRequestUrl(request,
originalProto,
originalPrefix,
- originalHost,
+ outermostHost,
originalPort);
newContextPath = calculateNewContextPath(request, originalPrefix);
newServletPath = calculateNewServletPath(request, originalPrefix);