IPv6 + Origin header + X-Forwarded-Host header gives NumberFormatException (Safari10 / CORS) [SPR-14761] #19327
When an IPv6-only client connects to our WebApp which uses Spring 4.3.2
And the browser sends an Origin header (Safari 10 does this under certain circumstances)
And the LoadBalancer/Reverse Proxy adds an X-Forwarded-Host header (with the IPv6 address)
Then you get a java.lang.NumberFormatException: For input string: "a51:0:920::30:20"
It appears that this CORS code is IPv4 only?
Backported to: 4.2.9
The text was updated successfully, but these errors were encountered:
Headers injected with this Firefox plugin: https://addons.mozilla.org/nl/firefox/addon/header-tool/ (for testing).
Brian Clozel commented
Thanks for the details.
Note that your issue you're encountering is about
Just one question, it seems that IPv6 addresses as host values should always be like this:
This is done in order to differentiate IP and port (see rfc3986 Section 3.2.2).
Did you craft that previous example by hand or is this a real request sent by your browser (i.e. not altered by the browser extension)?