| Summary: | ProxyServlet should pass :port part of Host header along in the X-Forwarded-Port header | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [RT] Jetty | Reporter: | Eirik Bjørsnøs <eirbjo> | ||||
| Component: | server | Assignee: | Thomas Becker <tbecker> | ||||
| Status: | CLOSED FIXED | QA Contact: | |||||
| Severity: | normal | ||||||
| Priority: | P3 | CC: | jetty-inbox, simone.bordet, tbecker | ||||
| Version: | unspecified | ||||||
| Target Milestone: | 7.5.x | ||||||
| Hardware: | Macintosh | ||||||
| OS: | Mac OS X - Carbon (unsup.) | ||||||
| Whiteboard: | |||||||
| Attachments: |
|
||||||
Created attachment 211485 [details]
proposed patch
I've added a unit test for this and changed the line setting the header to:
exchange.addRequestHeader("X-Forwarded-Host",request.getHeader("Host"));
That's the same behaviour as apache httpd's mod_proxy.
Change pushed to gerrit: https://git.eclipse.org/r/#/c/5201/ |
Build Identifier: The current ProxyServlet sets X-Forwarded-Host like this: exchange.addRequestHeader("X-Forwarded-Host",request.getServerName()); This strips out the :port part of :servername:port. Specifically, if the client request contains "Host: example.com:8080", the X-Forwarded-Host will be set to "servername", not "servername:8080". This makes the proxied service create wrong redirect urls since it thinks it's responding on port 80. My local fix was to override customizeExchange like this: @Override protected void customizeExchange(HttpExchange exchange, HttpServletRequest request) { exchange.setRequestHeader("X-Forwarded-Host", request.getHeader("Host")); } But I expect the default behavior should be updated to pass the Host header along unmodified. Or is there some security or protocol issue I'm ignoring? Reproducible: Always Steps to Reproduce: 1. Add a ProxyServlet to a webapp using redirects 2. Access the proxy url with a custom port (8080) 3. Observe a redirect with an unspecified port