Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PlayWebContext incorrectly sets port for requests coming from load balancer #237

Closed
suhinini opened this issue Jul 20, 2018 · 2 comments
Closed

PlayWebContext incorrectly sets port for requests coming from load balancer #237

suhinini opened this issue Jul 20, 2018 · 2 comments
Labels
bug
Milestone
6.0.1

Comments

@suhinini
Copy link
Contributor

PlayWebContext incorrectly uses 80 as a default port ignoring request.secure(): https://github.com/pac4j/play-pac4j/blob/master/shared/src/main/java/org/pac4j/play/PlayWebContext.java#L181

This is causing problems when library is used in apps that are working from behind load balancers or reverse proxies and security and port of the call is defined by Forwarded headers. In such scenario request.secure() will return true, while code in question will claim port is 80. This causes problems in DefaultUrlResolver of pac4j's core library:

  1. ContextHelper.isHttps(context) will return true as it relies on request.secure() that's filled by Play with correct values from Forwarded headers.
  2. context.getServerPort() will return 80 as it does not take request.secure() or X-Forwarded-Port into account.

Resulting urls look like https://something.org:80 and this causes obvious problems.

Thanks
@leleuj
Copy link
Member

leleuj commented Jul 23, 2018

Thanks for reporting. Would you mind submitting a PR to fix that (on both the master and 6.0.x branches)? Thanks

suhinini added a commit to suhinini/play-pac4j that referenced this issue Jul 24, 2018
@suhinini
Fix for pac4j#237: PlayWebContext incorrectly sets port for requests …
db08504 
…coming from load balancer.
@suhinini
Copy link
Contributor Author

Sure. Let's try with master first.

leleuj added a commit that referenced this issue Jul 25, 2018
@leleuj
Merge pull request #238 from suhinini/master
c4c2007 
Fix for #237
@leleuj leleuj added the bug label Jul 25, 2018
@leleuj leleuj added this to the 6.0.1 milestone Jul 25, 2018
suhinini added a commit to suhinini/play-pac4j that referenced this issue Jul 26, 2018
@suhinini
Fix for pac4j#237: PlayWebContext incorrectly sets port for requests …
b49b861 
…coming from load balancer.
leleuj added a commit that referenced this issue Jul 27, 2018
@leleuj
Merge pull request #240 from suhinini/origin/6.0.x
3e0697c 
Fix for #237:
@leleuj leleuj closed this as completed Jul 27, 2018
@leleuj leleuj added this to the 6.0.1 milestone Jul 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
6.0.1
Development

No branches or pull requests
2 participants
@suhinini @leleuj