Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
x-forwarded-host & x-forwarded-prefix headers not working after project upgrade to Spring Boot 2.1
See original GitHub issueHad a working project, Spring boot / Spring data rest / Spring Hateos and after upgrade to Spring boot 2.1.3 it appears that x-forwarded-prefix and x-forwarded-host are not longer working. x-forwarded-proto and x-forwarded-port are working fine.
Broke it out into the simplest possible app demo.tar.gz to check and still couldn’t get it working.
If I run
http -v GET localhost:8081
the result is
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8081
User-Agent: HTTPie/0.9.8
HTTP/1.1 200
Content-Type: application/hal+json;charset=UTF-8
Date: Sat, 09 Mar 2019 18:21:59 GMT
Transfer-Encoding: chunked
{
"_links": {
"people": {
"href": "http://localhost:8081/people{?page,size,sort}",
"templated": true
},
"profile": {
"href": "http://localhost:8081/profile"
}
}
}
all ok so far, however when I try
http -v GET localhost:8081 x-forwarded-proto:https x-forwarded-host:example.com:9090 x-forwarded-port:9090 x-forwarded-prefix:/api
I get
GET / HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: localhost:8081
User-Agent: HTTPie/0.9.8
x-forwarded-host: example.com:9090
x-forwarded-port: 9090
x-forwarded-prefix: /api
x-forwarded-proto: https
HTTP/1.1 200
Content-Type: application/hal+json;charset=UTF-8
Date: Sat, 09 Mar 2019 18:23:01 GMT
Transfer-Encoding: chunked
{
"_links": {
"people": {
"href": "https://localhost:9090/people{?page,size,sort}",
"templated": true
},
"profile": {
"href": "https://localhost:9090/profile"
}
}
}
I was expecting the links to be of the form https://example.com:9090/api/profile
Issue Analytics
- State:
- Created 5 years ago
- Reactions:3
- Comments:25 (9 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Okay, a little extra digging has uncovered:
Spring Boot doesn’t currently support all the
X-Forwarded-*stuff through that property setting. The docs only listX-Forwarded-ForandX-Forwarded-Protosupported by the existing property. Additionally, there are issues with each container regarding these de facto standard headers. Track Boot’s support at => https://github.com/spring-projects/spring-boot/issues/5677That being said, to enable
X-Forwarded-*support, add this to your application:…and Spring Boot will pick up the filter bean and register it with your Spring MVC app. (I don’t have the WebFlux counterpart here).
…and see…
Bottom line: this should be added to the reference docs so you don’t have to dig around in the issues or stackoverflow to get it going.
@patbaumgartner I have had the same problem. The solution was to use the ForwardedHeaderFilter. You have to register it with the @Bean annotation.
@Bean public Filter forwardedHeaderFilter() { return new ForwardedHeaderFilter(); }https://docs.spring.io/spring/docs/5.1.3.RELEASE/spring-framework-reference/web.html#filters-forwarded-headers --> “There are security considerations…”