taz1988 commented on code in PR #11335:
URL: https://github.com/apache/nifi/pull/11335#discussion_r3409227746
##########
nifi-framework-bundle/nifi-framework/nifi-web/nifi-jetty/src/main/java/org/apache/nifi/web/server/connector/ProxyHeaderValidatorCustomizer.java:
##########
@@ -95,20 +101,40 @@ private void processProxyHostHeaders(final Request
request) {
final HttpFields requestHeaders = request.getHeaders();
for (final String proxyHostHeader : SUPPORTED_PROXY_HOST_HEADERS) {
- final String hostHeader = requestHeaders.get(proxyHostHeader);
+ String hostHeader = requestHeaders.get(proxyHostHeader);
// Include empty and blank values for enforced validation of
request headers
if (hostHeader == null) {
continue;
}
+
+ String[] hostHeaderParts = HOST_PORT_SEPARATOR.split(hostHeader);
+ if (hostHeaderParts.length == 2) {
+ hostHeader = hostHeaderParts[0];
+ }
+
// Allow proxy host header matching request host header based on
TLS SNI and DNS SAN requirements
if (requestHost.equals(hostHeader)) {
continue;
}
Review Comment:
extracted to a method and applied here too (and also add an extra test case
for that branch)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
