Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Support for X-Forwarded-Prefix in Spring HATEOAS

See original GitHub issue

Spring HATEOAS doesn’t currently support the X-Forwarded-Prefix header.

NOTE: Examples are illustrative

We are using a reverse proxy / API gateway to serve a HATEOAS webflux project. Our API gateway accepts requests at:

https://api.example.com/context/resource

Our backend service address for this is:

https://backend.example.com/resource

It returns the following HATEOAS links

{
  "_links": {
    "self": {
      "href": "https://backend.example.com/resource"
    }
  }
}

By using the following headers:

X-Forwarded-Host: api.example.com
X-Forwarded-Prefix: /context

We would expect the result to be

{
  "_links": {
    "self": {
      "href": "https://api.example.com/context/resource"
    }
  }
}

Instead we are seeing that the X-Forwarded-Host header is being applied correctly, but the X-Forwarded-Prefix header is not, e.g.:

{
  "_links": {
    "self": {
      "href": "https://api.example.com/resource"
    }
  }
}

The WebFluxLinkBuilder used to create HATEOAS links leverages the UrlComponentsBuilder from spring-web, which is missing the handling logic for the X-Forwarded-Prefix header. The ForwardedHeaderTransformer (also in spring-web) does handle this header.

I’m proposing having this added to the UrlComponentsBuilder.

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
hughwphamillcommented, Jun 1, 2021

Was this ever addressed? @stuartwakefield ?

0reactions
rstoyanchevcommented, Mar 19, 2020

Can you elaborate? I don’t quite follow what is lost.

It is true that ForwardedHeaderTransformer removes all forwarded headers it applies, but that’s because they are now reflected in the contextPath and URI of the request, and their presence in the headers could lead to issues if any other code tries to process them again.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to configure Spring HATEOAS behind proxy?
Save this answer. Show activity on this post. Make sure your proxy is adding X-Forwarded-Host: proxy.com header to the request that is passed ......
Read more >
Spring Boot behind a load balancer using the X-Forwarded ...
In this article you'll discover how to make use of the X-Forwarded headers passed from a load balancer to your Spring Boot application, ......
Read more >
Spring HATEOAS - Reference Documentation
This will create a servlet filter that processes all the X-Forwarded-… headers. And it will register it properly with the servlet handlers.
Read more >
How do I get Kongs X-Forwarded-Prefix Header into Spring ...
Coding example for the question How do I get Kongs X-Forwarded-Prefix Header into Spring Boot Application and its HATEOAS links?-Springboot.
Read more >
spring-projects/spring-boot - Gitter
@gregturn or anyone else from spring-hateoas, does spring-hateoas no longer use x-forwarded-prefix and so on when creating links in ControllerLinkBuilder?
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

WebClient decodes string array as one string

Next page

Storing JVM system properties in the Spring Environment as Properties can degrade performance due to synchronization