Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Regression in 4.1.5: UriComponentsBuilder.fromHttpRequest sets port to 80 i.s.o nothing/443 [SPR-12771] #17368
I am using spring-hateoas to generate URL links between my REST managed resources. Since the upstep from Spring 4.1.4 -> 4.1.5, I'm having problems with the PORT/SCHEME combination generated.
Example link before the update:
Example link after the update:
As you can see, it automatically append port 80 to the URL. The problem is that my rest back-end is running on a cloud platform heroku, which is using a reverse proxy to terminate the TLS (HTTPS).
This worked well before the update since the port was not automatically appended and the browser could figure out the port by negotiation. By hard coding it (by taking it form the original request), this auto detecting is not possible anymore.
These are my headers:
I believe the problem lies in UriComponentsBuilder.fromHttpRequest:
In my case X-Forwarded-Port == 443, so the builder.port should be set to 443 or left blank (not filled with 80 as is now the case).
Reference URL: spring-projects/spring-hateoas#301
2 votes, 7 watchers
Damien Coraboeuf commented
With the following settings in an Nginx SSL reverse proxy:
In Spring 4.1.2, no problem ; but I see this regression in 4.1.5.
I think the culprit code is this condition:
It was not existing in the
In the situation indicated above, we fall in the case where the
Rossen Stoyanchev commented
I think that particular line of code is fine and hasn't changed. The issue is that after refactoring the code to move it from ServletUriComponentsBuilder into the more widely available UriComponentsBuilder, the starting point includes a port value, so this line picks up the port:
UriComponentsBuilder builder = UriComponentsBuilder.fromUri(uri);
I'll try to add a fix soon to try.
Brian Clozel commented
It's due on March 25th - you can check the official release date at any time on the dedicated page.