Description
According to the RFC7239 specification, syntax for Forwarded Header is as follows:
Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>
These values are used by Spring (all recent versions), if present, in order to reflect the client-originated protocol and address (when allowed through a configuration). There is a problem when using multiple values in this header:
# Multiple values can be appended using a comma
Forwarded: for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10
The code in UriComponentsBuilder#adaptFromForwardedHeaders:798-800 is getting the first Forwarded header, if multiple are found, splitting it by comma and using only the first part:
spring-framework/spring-web/src/main/java/org/springframework/web/util/UriComponentsBuilder.java, line 800 in a4dc13a:
String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")[0];
In our case we have the result value - Forwarded: for=192.0.2.43
where all useful information is trimmed.
Is this really an issue, or is there something that I am missing?
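Added example, not part of the original report and not Spring's code: a plain-JDK parser showing how the RFC 7239 grammar divides the header quoted above, with a comma separating forwarded-elements and a semicolon separating the pairs inside one element. The class and method names are hypothetical, and quoted-pair escapes inside quoted values are kept as written rather than unescaped.

```java
import java.util.*;

// Added illustration (hypothetical names, not Spring code): RFC 7239 element/pair splitting.
public class ForwardedDemo {

    // Split on a delimiter, ignoring delimiters that sit inside a quoted-string.
    static List<String> split(String s, char delim) {
        List<String> out = new ArrayList<>();
        StringBuilder cur = new StringBuilder();
        boolean quoted = false;
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\\' && quoted && i + 1 < s.length()) {
                cur.append(c).append(s.charAt(++i)); // keep the escaped character as-is
                continue;
            }
            if (c == '"') quoted = !quoted;
            if (c == delim && !quoted) { out.add(cur.toString().trim()); cur.setLength(0); }
            else cur.append(c);
        }
        out.add(cur.toString().trim());
        return out;
    }

    // One forwarded-element -> map of lower-cased parameter name to value.
    static Map<String, String> parseElement(String element) {
        Map<String, String> pairs = new LinkedHashMap<>();
        for (String pair : split(element, ';')) {
            int eq = pair.indexOf('=');
            if (eq <= 0) continue; // skip empty or malformed pairs
            String value = pair.substring(eq + 1).trim();
            if (value.length() >= 2 && value.startsWith("\"") && value.endsWith("\"")) {
                value = value.substring(1, value.length() - 1); // drop surrounding quotes
            }
            pairs.put(pair.substring(0, eq).trim().toLowerCase(Locale.ROOT), value);
        }
        return pairs;
    }

    public static void main(String[] args) {
        // Header value taken from the report above.
        String header = "for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10";
        List<String> elements = split(header, ',');
        for (int i = 0; i < elements.size(); i++) {
            System.out.println("element " + i + ": " + parseElement(elements.get(i)));
        }
        // Using only element 0, as the quoted line 800 does, leaves no proto or host to read.
        System.out.println("first element has proto: " + parseElement(elements.get(0)).containsKey("proto"));
    }
}
```

Under this grammar the sample header has two elements, and `proto`, `host` and `by` belong to the second one only. Which element an application should act on depends on which proxies in the chain it trusts, since any element not written by a trusted proxy is client-supplied input.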