Community
Participate
Working Groups
Build Identifier: The current ProxyServlet sets X-Forwarded-Host like this: exchange.addRequestHeader("X-Forwarded-Host",request.getServerName()); This strips out the :port part of :servername:port. Specifically, if the client request contains "Host: example.com:8080", the X-Forwarded-Host will be set to "servername", not "servername:8080". This makes the proxied service create wrong redirect urls since it thinks it's responding on port 80. My local fix was to override customizeExchange like this: @Override protected void customizeExchange(HttpExchange exchange, HttpServletRequest request) { exchange.setRequestHeader("X-Forwarded-Host", request.getHeader("Host")); } But I expect the default behavior should be updated to pass the Host header along unmodified. Or is there some security or protocol issue I'm ignoring? Reproducible: Always Steps to Reproduce: 1. Add a ProxyServlet to a webapp using redirects 2. Access the proxy url with a custom port (8080) 3. Observe a redirect with an unspecified port
Created attachment 211485 [details] proposed patch I've added a unit test for this and changed the line setting the header to: exchange.addRequestHeader("X-Forwarded-Host",request.getHeader("Host")); That's the same behaviour as apache httpd's mod_proxy.
Change pushed to gerrit: https://git.eclipse.org/r/#/c/5201/
