Merge remote-tracking branch 'origin/jetty-9.4.x' into jetty-10.0.x

2025-03-01 11:29:29 +00:00 · 2020-09-09 11:40:00 -05:00 · 2020-09-09 11:40:00 -05:00 · fc0683ac17
commit fc0683ac17
parent 269badf97f 165e59b3e2
2 changed files with 66 additions and 6 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/ForwardedRequestCustomizer.java
@ -605,16 +605,18 @@ public class ForwardedRequestCustomizer implements Customizer
        @SuppressWarnings("unused")
        public void handleHost(HttpField field)
        {
            HostPort hostField = new HostPort(getLeftMost(field.getValue()));
            if (getForwardedPortAsAuthority() && !StringUtil.isEmpty(getForwardedPortHeader()))
            {
                if (_host == null)
-                    _host = new PossiblyPartialHostPort(getLeftMost(field.getValue()));
+                    _host = new PossiblyPartialHostPort(hostField.getHost(), hostField.getPort());
                else if (_host instanceof PortSetHostPort)
-                    _host = new HostPort(HostPort.normalizeHost(getLeftMost(field.getValue())), _host.getPort());
+                    _host = new HostPort(hostField.getHost(), hostField.getPort() > 0 ? hostField.getPort() : _host.getPort());
            }
            else if (_host == null)
            {
-                _host = new HostPort(getLeftMost(field.getValue()));
+                _host = hostField;
            }
        }
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/ForwardedRequestCustomizerTest.java
@ -497,7 +497,67 @@ public class ForwardedRequestCustomizerTest
                    .requestURL("http://fw.example.com:4333/")
                    .remoteAddr("8.5.4.3").remotePort(2222)
            ),
-
+            Arguments.of(new Request("X-Forwarded-* (Multiple Ports)")
                    .headers(
                        "GET / HTTP/1.1",
                        "Host: myhost:10001",
                        "X-Forwarded-For: 127.0.0.1:8888,127.0.0.2:9999",
                        "X-Forwarded-Port: 10002",
                        "X-Forwarded-Proto: https",
                        "X-Forwarded-Host: sub1.example.com:10003",
                        "X-Forwarded-Server: sub2.example.com"
                    ),
                new Expectations()
                    .scheme("https").serverName("sub1.example.com").serverPort(10003)
                    .requestURL("https://sub1.example.com:10003/")
                    .remoteAddr("127.0.0.1").remotePort(8888)
            ),
            Arguments.of(new Request("X-Forwarded-* (Multiple Ports - Server First)")
                    .headers(
                        "GET / HTTP/1.1",
                        "X-Forwarded-Server: sub2.example.com:10007",
                        "Host: myhost:10001",
                        "X-Forwarded-For: 127.0.0.1:8888,127.0.0.2:9999",
                        "X-Forwarded-Proto: https",
                        "X-Forwarded-Port: 10002",
                        "X-Forwarded-Host: sub1.example.com:10003"
                    ),
                new Expectations()
                    .scheme("https").serverName("sub1.example.com").serverPort(10003)
                    .requestURL("https://sub1.example.com:10003/")
                    .remoteAddr("127.0.0.1").remotePort(8888)
            ),
            Arguments.of(new Request("X-Forwarded-* (Multiple Ports - setForwardedPortAsAuthority = false)")
                    .configureCustomizer((customizer) -> customizer.setForwardedPortAsAuthority(false))
                    .headers(
                        "GET / HTTP/1.1",
                        "Host: myhost:10001",
                        "X-Forwarded-For: 127.0.0.1:8888,127.0.0.2:9999",
                        "X-Forwarded-Port: 10002",
                        "X-Forwarded-Proto: https",
                        "X-Forwarded-Host: sub1.example.com:10003",
                        "X-Forwarded-Server: sub2.example.com"
                    ),
                new Expectations()
                    .scheme("https").serverName("sub1.example.com").serverPort(10003)
                    .requestURL("https://sub1.example.com:10003/")
                    .remoteAddr("127.0.0.1").remotePort(8888)
            ),
            Arguments.of(new Request("X-Forwarded-* (Multiple Ports Alt Order)")
                    .headers(
                        "GET / HTTP/1.1",
                        "Host: myhost:10001",
                        "X-Forwarded-For: 127.0.0.1:8888,127.0.0.2:9999",
                        "X-Forwarded-Proto: https",
                        "X-Forwarded-Host: sub1.example.com:10003",
                        "X-Forwarded-Port: 10002",
                        "X-Forwarded-Server: sub2.example.com"
                    ),
                new Expectations()
                    .scheme("https").serverName("sub1.example.com").serverPort(10003)
                    .requestURL("https://sub1.example.com:10003/")
                    .remoteAddr("127.0.0.1").remotePort(8888)
            ),
            // =================================================================
            // Mixed Behavior
            Arguments.of(new Request("RFC7239 mixed with X-Forwarded-* headers")
@ -585,7 +645,6 @@ public class ForwardedRequestCustomizerTest
    @ParameterizedTest(name = "{0}")
    @MethodSource("cases")
    @SuppressWarnings("unused")
    public void testDefaultBehavior(Request request, Expectations expectations) throws Exception
    {
        request.configure(customizer);
@ -601,7 +660,6 @@ public class ForwardedRequestCustomizerTest
    @ParameterizedTest(name = "{0}")
    @MethodSource("cases")
    @SuppressWarnings("unused")
    public void testConfiguredBehavior(Request request, Expectations expectations) throws Exception
    {
        request.configure(customizerConfigured);