PreDecorationFilter overrides X-Forwarded-Host #959
Comments
I can see why that might be inconvenient, but the Zuul filter only replaces the x-forwarded-host header with what it finds in the request, so if the app is configured normally (for any app behind a proxy) it should pick the right value. There's a section in the Spring Boot user guide about how to configure an app for use behind a proxy (TL;DR set
Yes, you're right. Zuul always replaces x-forwarded-host with servername: My app is deployed to PCF (by default All requests coming to my app are with x-forwarded-host: zuul-address.com instead of reverseproxy.com. so I assume that the issue comes from zuul itself ;/
so should we be appending to the list if it already exists?
No, I don't think so: X-Forwarded-Host is single valued. Maybe one of the other proxies is messed up, or maybe your Zuul gateway does not have `session.use-forward-headers=true`?
I ask because Spring Hateoas treats it like it can be a comma separated list https://github.com/spring-projects/spring-hateoas/blob/master/src/main/java/org/springframework/hateoas/mvc/ControllerLinkBuilder.java#L237-L243
From apache mod-proxy documentation:
So I suppose that it should be a comma separated list. Another thing, as you mentioned, is that Hateoas also treats it as a list.
I've never seen x-forwarded-host multi valued, but anyway, the container should be dealing with it for us so we shouldn't have to care. All we care about is that the servlet request has the right host info, and that's not in our hands AFAIK.
Have the same problem. PreDecorationFilter just overrides the header from the previous reverse proxy server. I had to disable adding proxy headers using zuul.add-proxy-headers=false, but I believe the filter should add one more X-Forwarded-Host header
Would there be anything wrong if the filter only set the header if it wasn't already present?
@dsyer Not only Spring Hateoas, but Spring in general supports multi valued X-Forwarded-Host header. See for instance https://jira.spring.io/browse/SPR-11140 . The same applies for X-Forwarded-Port and X-Forwarded-Proto.
I think when I said you didn't have to care it was from the point of view of the downstream (and I was wrong anyway). The simplest fix would be to only set the header if it is not already present. An equivalent workaround with no changes would be to set
Judging by the implementation of
P.S. There's another, more complete workaround in that duplicate #1286 (a custom filter).
Thanks for the workarounds and for reconsidering.
Fixed in a38b7b7 (but see comment there about the "Forwarded" header, which is recognized by
Hi,
Today I have encountered the following issue:
We have an application running behind multiple reverse-proxies. Here is a simple schema:
Client => RP1 => RP2 => Zuul => App
RP1 - reverseproxy.com
RP2 - reverseproxy2.com
Client
===> RP1 (x-forwarded-host: reverseproxy.com)
===> RP2 (x-forwarded-host: reverseproxy.com, reverseproxy2.com)
===> Zuul (x-forwarded-host: reverseproxy2.com)
===> App
I have found that PreDecorationFilter is replacing x-forwarded-host instead of checking whether it already exists. Is that proper behaviour? As far as I understand, X-Forwarded-Host is the original host header (RP1 hostname), not the previous one.
Below is the snippet of code responsible for it:
https://github.com/spring-cloud/spring-cloud-netflix/blob/master/spring-cloud-netflix-core/src/main/java/org/springframework/cloud/netflix/zuul/filters/pre/PreDecorationFilter.java#L101-L102
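The chain described in this issue, as an added example that is not part of the original post and is not code from spring-cloud-netflix: it compares the override behaviour reported here with the set-if-absent and append alternatives raised in the comments. The class, enum and method names are hypothetical, `zuul-address.com` is used as a constructed value for the Host that Zuul sees, and the application is assumed to take the first entry of a comma-separated header.

```java
// Added illustration; names are hypothetical, not spring-cloud-netflix code.
public class ForwardedHostChain {

    // OVERRIDE      : always write the Host this proxy saw (behaviour reported in the issue)
    // SET_IF_ABSENT : keep an upstream value, write only when none was received
    // APPEND        : add this proxy's Host to the end of the received list
    // SET_IF_ABSENT and APPEND pass the upstream value through unchanged, so the
    // first entry is only as trustworthy as the hop that wrote it.
    enum Strategy { OVERRIDE, SET_IF_ABSENT, APPEND }

    // Value a proxy writes to X-Forwarded-Host, given the value it received
    // (null if absent) and the Host of the request as that proxy saw it.
    static String forward(String received, String requestHost, Strategy s) {
        boolean absent = received == null || received.trim().isEmpty();
        switch (s) {
            case SET_IF_ABSENT: return absent ? requestHost : received;
            case APPEND:        return absent ? requestHost : received + ", " + requestHost;
            default:            return requestHost; // OVERRIDE
        }
    }

    // Assumption: the application uses the first entry of a comma-separated value.
    static String originalHost(String header) {
        return header.split(",")[0].trim();
    }

    public static void main(String[] args) {
        // RP1 and RP2 behave as in the issue's diagram.
        String afterRp1 = forward(null, "reverseproxy.com", Strategy.SET_IF_ABSENT);
        String afterRp2 = forward(afterRp1, "reverseproxy2.com", Strategy.APPEND);

        for (Strategy s : Strategy.values()) {
            // zuul-address.com: Host of the request as Zuul sees it (constructed value).
            String afterZuul = forward(afterRp2, "zuul-address.com", s);
            System.out.printf("%-13s header=[%s] app sees host=%s%n",
                    s, afterZuul, originalHost(afterZuul));
        }
    }
}
```

With OVERRIDE the application sees Zuul's own host; with the other two strategies the first entry remains the value RP1 wrote.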