perwendel / spark

A simple expressive web framework for java. Spark has a kotlin DSL https://github.com/perwendel/spark-kotlin
Apache License 2.0

X-Forwarded-Host header is copied into the Host header #1069

Open pablobastidasv opened 5 years ago

pablobastidasv commented 5 years ago

Given:

import static spark.Spark.get;

public class App {
    public static void main(String[] args) {
        // Echo back whatever Spark reports as the request host.
        get("/hello", (req, res) -> req.host());
    }
}

When:

curl --request GET \
  --url http://localhost:4567/hello \
  --header 'Host: localhost:4567' \
  --header 'x-forwarded-host: proxy.mydomain.com'

or

curl --request GET \
  --url http://localhost:4567/hello \
  --header 'x-forwarded-host: proxy.mydomain.com'

Then: I expect my response with localhost:4567 but I get proxy.mydomain.com.

Questions:

  1. Is my assumption wrong?
  2. How can I get the Host header value when my service is behind a proxy?

perwendel commented 5 years ago

This is territory where I'm not confident on how it should work. Will have to investigate.

Lloyd-Pottiger commented 3 years ago

I would like to try to fix this issue.

Lloyd-Pottiger commented 3 years ago

When I debug the process to reproduce the issue, I find that the Host of HttpServletRequest passed in /src/main/java/spark/embeddedserver/jetty/JettyHandler.doHandle() method is proxy.mydomain.com, which means it is not a bug in code. After searching for answer, I find this link may help you understand the problem.
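
Since the thread shows that `req.host()` can carry a value the client supplied in `X-Forwarded-Host`, one defensive option is to check it against an allowlist before the application uses it. This is an added example, not code from the thread or from the Spark project; the class name `HostAllowlistApp`, the helper `hostnameOf` and the entries in `ALLOWED_HOSTS` are assumptions.

```java
import static spark.Spark.before;
import static spark.Spark.get;
import static spark.Spark.halt;

import java.util.Locale;
import java.util.Set;

public class HostAllowlistApp {
    // Assumption: the only names this service should ever be addressed as
    // (directly, or through the proxy from the report). Set.of needs Java 9+.
    static final Set<String> ALLOWED_HOSTS = Set.of("localhost", "proxy.mydomain.com");

    /**
     * Returns the lower-cased hostname with any port removed, or null when the
     * value is missing or malformed. Comma-separated lists, embedded whitespace
     * and IPv6 literals are deliberately rejected by the character check.
     */
    static String hostnameOf(String hostValue) {
        if (hostValue == null) {
            return null;
        }
        String value = hostValue.trim().toLowerCase(Locale.ROOT);
        int colon = value.lastIndexOf(':');
        String name = colon >= 0 ? value.substring(0, colon) : value;
        if (!name.matches("[a-z0-9]([a-z0-9.-]*[a-z0-9])?")) {
            return null;
        }
        if (colon >= 0 && !value.substring(colon + 1).matches("[0-9]{1,5}")) {
            return null;
        }
        return name;
    }

    public static void main(String[] args) {
        // Runs before every route: refuse requests whose effective host
        // (Host or forwarded host, whichever the server reports) is unknown.
        before((req, res) -> {
            String name = hostnameOf(req.host());
            if (name == null || !ALLOWED_HOSTS.contains(name)) {
                halt(400, "Unknown host");
            }
        });
        get("/hello", (req, res) -> req.host());
    }
}
```

With this filter, the two curl requests from the report still succeed, while a request carrying any other `x-forwarded-host` value is answered with 400.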