Add an option to allow passing X-Forwarded headers to the application by tnleeuw · Pull Request #9955 · frankframework/frankframework
Changes
Add an option to allow passing X-Forwarded headers to the application and pipelines. By default this is true for this version, for backwards compatibility, but in the future this should default to false for security.
Pull Request Checklist
Title
- Title expresses the business value (who benefits + what outcome)
Issues
- Relevant issues linked
Backports
- Backport PRs created (if needed) and linked
Documentation
- FF! Doc updated (user-facing behavior/config)
- FF! Manual updated (if applicable)
- Javadoc updated/generated (developer-facing APIs)
Tests
- Unit tests added/updated
- E2E/Integration tests added/updated (if applicable)
Breaking changes
- Breaking change recorded in markdown file
- Migration notes included (if needed)
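As an added example, not code from this PR or from frankframework, the following Python model shows what the new option changes from the application's point of view: with passthrough on, the raw X-Forwarded-* headers reach the application untouched and the request attributes still describe the direct connection; with passthrough off, a forwarded-header filter consumes those headers and rewrites scheme, host, port and remote address from them. The `trusted_proxies` gate is a hypothetical hardening that is not on the page and is not part of Spring's ForwardedHeaderFilter; the request fields, header names and sample addresses are constructed for the demonstration.

```python
from dataclasses import dataclass, replace
from typing import Dict, Iterable

# Header names a forwarded-header filter consumes (compared lower-cased).
FORWARDED_HEADERS = ("x-forwarded-proto", "x-forwarded-host",
                     "x-forwarded-port", "x-forwarded-for")


@dataclass(frozen=True)
class Request:
    """What the application sees once any filter has run.

    scheme/host/port/remote_addr model the servlet request's getScheme(),
    getServerName(), getServerPort() and getRemoteAddr(); 'secure' models
    isSecure(). Constructed model, not the servlet API.
    """
    scheme: str
    host: str
    port: int
    remote_addr: str
    headers: Dict[str, str]

    @property
    def secure(self) -> bool:
        return self.scheme == "https"


def filter_request(req: Request, passthrough: bool,
                   trusted_proxies: Iterable[str] = ()) -> Request:
    """Model the two settings of the option.

    passthrough=True  : no filter is wired; headers and connection data reach
                        the application exactly as received.
    passthrough=False : the filter strips the X-Forwarded-* headers and applies
                        them to scheme, host, port and remote address.
    trusted_proxies   : hypothetical extension (assumption, not on the page):
                        forwarded values are honoured only when the direct
                        peer is a listed proxy; otherwise they are stripped
                        without being applied, so a client that connects
                        directly cannot spoof them.
    """
    if passthrough:
        return req

    headers = {k.lower(): v for k, v in req.headers.items()}
    forwarded = {h: headers.pop(h) for h in FORWARDED_HEADERS if h in headers}
    stripped = replace(req, headers=headers)
    if not forwarded:
        return stripped
    if trusted_proxies and req.remote_addr not in set(trusted_proxies):
        return stripped  # remove-only: drop forwarded headers from an untrusted peer

    scheme = forwarded.get("x-forwarded-proto", req.scheme).split(",")[0].strip().lower()
    host = forwarded.get("x-forwarded-host", req.host).split(",")[0].strip()
    port_raw = forwarded.get("x-forwarded-port", "").split(",")[0].strip()
    if port_raw.isdigit():
        port = int(port_raw)
    elif "x-forwarded-proto" in forwarded:
        port = 443 if scheme == "https" else 80  # default port for the forwarded scheme
    else:
        port = req.port
    # The leftmost X-Forwarded-For value is taken as the original client.
    remote = forwarded.get("x-forwarded-for", req.remote_addr).split(",")[0].strip()
    return replace(stripped, scheme=scheme, host=host, port=port, remote_addr=remote)


def spoof_demo() -> Dict[str, Request]:
    """Constructed scenario: an untrusted client connects directly to the
    application (no proxy in between) and forges X-Forwarded-* headers that
    claim a TLS connection from localhost; a second request comes through a
    real proxy at 10.0.0.2."""
    forged = {"X-Forwarded-Proto": "https", "X-Forwarded-For": "127.0.0.1",
              "Host": "app.internal"}
    direct = Request("http", "app.internal", 8080, "203.0.113.7", forged)
    via_proxy = Request("http", "app.internal", 8080, "10.0.0.2",
                        {"X-Forwarded-Proto": "https",
                         "X-Forwarded-For": "198.51.100.9", "Host": "app.internal"})
    return {
        "passthrough": filter_request(direct, passthrough=True),
        "filtered": filter_request(direct, passthrough=False),
        "filtered_trusted": filter_request(direct, passthrough=False,
                                           trusted_proxies=("10.0.0.2",)),
        "via_trusted_proxy": filter_request(via_proxy, passthrough=False,
                                            trusted_proxies=("10.0.0.2",)),
    }


if __name__ == "__main__":
    for name, r in spoof_demo().items():
        print(f"{name:18} secure={r.secure!s:5} remote={r.remote_addr:13} "
              f"port={r.port} headers={r.headers}")
```

The "filtered" case is the one the review comment warns about: once the filter is applied without any notion of a trusted proxy, the forged headers make the direct request look like a secure request from 127.0.0.1. The "passthrough" case is not safe either, just differently unsafe: the request attributes stay honest, but the spoofable headers are handed to pipelines that may read them themselves.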
| // This filter converts x-forwarded headers to their corresponding `normal` headers. Eg. `X-Forwarded-Proto` sets HttpServletRequest.isSecure to `true`. | ||
| http.addFilterBefore(new ForwardedHeaderFilter(), SecurityContextHolderFilter.class); | ||
| if (!allowForwardedHeadersPassthrough) { | ||
| // This filter removes x-forwarded headers and converts them to their corresponding `normal` headers. Eg. `X-Forwarded-Proto` sets HttpServletRequest.isSecure to `true`. |
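Review bot: the comment inside the `if (!allowForwardedHeadersPassthrough)` branch describes what the filter does when it is wired, but the hunk says nothing about the opposite case, which is the default according to the PR description: as far as the hunk shows, no filter is added then, so the raw X-Forwarded-* headers reach the application and pipelines unmodified while scheme, isSecure and remote address still describe the direct connection. Spell that out next to the condition (or in the Javadoc of the property), and make the comment say that the filter rewrites scheme, secure, host, port and remote address from the forwarded values, so it must only be enabled when a trusted proxy in front strips client-supplied X-Forwarded-* headers.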
The filter does more than just block the headers. It manipulates the request; it will use the 'forwarded' information for the scheme, secure, host, port and remote-address fields.
| * @see <a href="https://tools.ietf.org/html/rfc7239">https://tools.ietf.org/html/rfc7239</a> | ||
| * @see <a href="https://docs.spring.io/spring-framework/reference/web/webmvc/filters.html#filters-forwarded-headers">Forwarded Headers</a> | ||
| */ | ||
| public class CustomizedForwardedHeaderFilter extends OncePerRequestFilter { |
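Review bot: the Javadoc of `CustomizedForwardedHeaderFilter` links to RFC 7239 and to Spring's Forwarded Headers documentation but does not say what was customized relative to the Spring filter it is named after, nor how the class relates to the `allowForwardedHeadersPassthrough` option and its default. Add a sentence stating the difference from the Spring ForwardedHeaderFilter referenced in the `@see`, and note that the filter only makes sense behind a proxy that strips X-Forwarded-* headers arriving from outside.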
Maybe put //NOSONAR here?
Or fix the issues??
nielsm5 deleted the issue/9.0/9954_XForwardHeadersMissing branch