In version 5.1.x, the ServletUriComponentsBuilder
methods changed to remove the usage of forwarded headers:
* code change: 4da43de
; https://github.com/spring-projects/spring-framework/issues/21209
* docs clarifications: bb5c8ed
); https://github.com/spring-projects/spring-framework/issues/21850
However, the method and class documentation in MvcUriComponentsBuilder
was not updated and still indicates the forwarded headers are used. (see instances of Note:
in the javadocs) Yet MvcUriComponentsBuilder
internally uses ServletUriComponentsBuilder
for URI components resolution:
https://github.com/spring-projects/spring-framework/blob/a0763d13c5032c9042bb56b1e6f899c0a6661991/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/MvcUriComponentsBuilder.java#L560-L564
This affects 5.1.x -> 7.0.x.
Simple test:
@Test
void testMvcUriComponentsBuilder() {
MockHttpServletRequest request = new MockHttpServletRequest();
request.setServerName("localhost");
request.setServerPort(8080);
request.setScheme("http");
request.addHeader("X-Forwarded-Proto", "https");
request.addHeader("X-Forwarded-Host", "test.example.com");
request.addHeader("X-Forwarded-Port", "443");
RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(request, new MockHttpServletResponse()));
@Controller
@RequestMapping("/test")
class InnerController {}
String expected = MvcUriComponentsBuilder.fromController(InnerController.class).toUriString();
assertEquals(expected, "https://test.example.com");
}
Error:
expected: <http://localhost:8080/test> but was: <https://test.example.com>
Comment From: rstoyanchev
Thanks for pointing this out.
Comment From: dforrest-es
@rstoyanchev Not a problem. Note that each method's javadocs also has this problem, not just the class level.