[
https://issues.apache.org/jira/browse/FELIX-5662?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Karl Pauls updated FELIX-5662:
------------------------------
Description:
FELIX-5259 made it so that the sslfilter request returns the underlying
requests getServerPort() if no X-Forwarded-Port header is present on a call to
getServerPort().
The problem that it tries to address is that the sslfilter returned -1 from
getServerPort() when no X-Forwarded-Port header is set. As the javadoc does say:
{{iint getServerPort()}}
{{Returns the port number to which the request was sent. It is the value of the
part after ":" in the Host header value, if any, or the server port where the
client connection was accepted on.}}
that is not allowed but the intention was correct namely, it should be the
default port for the forwarded protocol.
However, the fix is wrong. It basically makes it so that if no X-Forwarded-Port
header is set the wrapped request will use the port of the connection. That
doesn't make sense. It should default to the default port of the forwarded
protocol (it just can't fall back to simply return -1 - it has to figure out
the correct default port).
was:
FELIX-5259 made it so that the sslfilter request returns the underlying
requests getServerPort() if no X-Forwarded-Port header is present on a call to
getServerPort().
The problem that it tries to address is that the sslfilter returned -1 from
getServerPort() when no X-Forwarded-Port header is set. As the javadoc does say:
{{iint getServerPort()
Returns the port number to which the request was sent. It is the value of the
part after ":" in the Host header value, if any, or the server port where the
client connection was accepted on.}}
that is not allowed but the intention was correct namely, it should be the
default port for the forwarded protocol.
However, the fix is wrong. It basically makes it so that if no X-Forwarded-Port
header is set the wrapped request will use the port of the connection. That
doesn't make sense. It should default to the default port of the forwarded
protocol (it just can't fall back to simply return -1 - it has to figure out
the correct default port).
> SSLFilterRequest returns the server port of the underlying request instead of
> the default port of the protocol.
> ---------------------------------------------------------------------------------------------------------------
>
> Key: FELIX-5662
> URL: https://issues.apache.org/jira/browse/FELIX-5662
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.sslfilter-1.2.0
> Reporter: Karl Pauls
> Assignee: Karl Pauls
> Fix For: http.sslfilter-1.2.2
>
>
> FELIX-5259 made it so that the sslfilter request returns the underlying
> requests getServerPort() if no X-Forwarded-Port header is present on a call
> to getServerPort().
> The problem that it tries to address is that the sslfilter returned -1 from
> getServerPort() when no X-Forwarded-Port header is set. As the javadoc does
> say:
> {{iint getServerPort()}}
> {{Returns the port number to which the request was sent. It is the value of
> the part after ":" in the Host header value, if any, or the server port where
> the client connection was accepted on.}}
> that is not allowed but the intention was correct namely, it should be the
> default port for the forwarded protocol.
> However, the fix is wrong. It basically makes it so that if no
> X-Forwarded-Port header is set the wrapped request will use the port of the
> connection. That doesn't make sense. It should default to the default port of
> the forwarded protocol (it just can't fall back to simply return -1 - it has
> to figure out the correct default port).
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
