X-Forwarded-Ssl is listed in ForwardedHeaderFilter

rstoyanchev · rstoyanchev · commit c7c3e5585bc2 · 2018-05-25T13:39:37.000-04:00
Issue: SPR-16863
diff --git a/spring-web/src/main/java/org/springframework/web/filter/ForwardedHeaderFilter.java b/spring-web/src/main/java/org/springframework/web/filter/ForwardedHeaderFilter.java
@@ -73,6 +73,7 @@ public class ForwardedHeaderFilter extends OncePerRequestFilter {
 		FORWARDED_HEADER_NAMES.add("X-Forwarded-Port");
 		FORWARDED_HEADER_NAMES.add("X-Forwarded-Proto");
 		FORWARDED_HEADER_NAMES.add("X-Forwarded-Prefix");
+		FORWARDED_HEADER_NAMES.add("X-Forwarded-Ssl");
 	}
 
 
diff --git a/spring-web/src/main/java/org/springframework/web/filter/reactive/ForwardedHeaderFilter.java b/spring-web/src/main/java/org/springframework/web/filter/reactive/ForwardedHeaderFilter.java
@@ -52,6 +52,7 @@ public class ForwardedHeaderFilter implements WebFilter {
 		FORWARDED_HEADER_NAMES.add("X-Forwarded-Port");
 		FORWARDED_HEADER_NAMES.add("X-Forwarded-Proto");
 		FORWARDED_HEADER_NAMES.add("X-Forwarded-Prefix");
+		FORWARDED_HEADER_NAMES.add("X-Forwarded-Ssl");
 	}
 
 
diff --git a/spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java b/spring-web/src/test/java/org/springframework/web/filter/ForwardedHeaderFilterTests.java
@@ -48,6 +48,7 @@ public class ForwardedHeaderFilterTests {
 	private static final String X_FORWARDED_HOST = "x-forwarded-host";
 	private static final String X_FORWARDED_PORT = "x-forwarded-port";
 	private static final String X_FORWARDED_PREFIX = "x-forwarded-prefix";
+	private static final String X_FORWARDED_SSL = "x-forwarded-ssl";
 
 
 	private final ForwardedHeaderFilter filter = new ForwardedHeaderFilter();
@@ -221,6 +222,7 @@ public void shouldFilter() {
 		testShouldFilter(X_FORWARDED_HOST);
 		testShouldFilter(X_FORWARDED_PORT);
 		testShouldFilter(X_FORWARDED_PROTO);
+		testShouldFilter(X_FORWARDED_SSL);
 	}
 
 	private void testShouldFilter(String headerName) {
@@ -263,6 +265,7 @@ public void forwardedRequestInRemoveOnlyMode() throws Exception {
 		this.request.addHeader(X_FORWARDED_PROTO, "https");
 		this.request.addHeader(X_FORWARDED_HOST, "84.198.58.199");
 		this.request.addHeader(X_FORWARDED_PORT, "443");
+		this.request.addHeader(X_FORWARDED_SSL, "on");
 		this.request.addHeader("foo", "bar");
 
 		this.filter.setRemoveOnly(true);
@@ -278,6 +281,30 @@ public void forwardedRequestInRemoveOnlyMode() throws Exception {
 		assertNull(actual.getHeader(X_FORWARDED_PROTO));
 		assertNull(actual.getHeader(X_FORWARDED_HOST));
 		assertNull(actual.getHeader(X_FORWARDED_PORT));
+		assertNull(actual.getHeader(X_FORWARDED_SSL));
+		assertEquals("bar", actual.getHeader("foo"));
+	}
+
+	@Test
+	public void forwardedRequestWithSsl() throws Exception {
+		this.request.setRequestURI("/mvc-showcase");
+		this.request.addHeader(X_FORWARDED_SSL, "on");
+		this.request.addHeader(X_FORWARDED_HOST, "84.198.58.199");
+		this.request.addHeader(X_FORWARDED_PORT, "443");
+		this.request.addHeader("foo", "bar");
+
+		this.filter.doFilter(this.request, new MockHttpServletResponse(), this.filterChain);
+		HttpServletRequest actual = (HttpServletRequest) this.filterChain.getRequest();
+
+		assertEquals("https://84.198.58.199/mvc-showcase", actual.getRequestURL().toString());
+		assertEquals("https", actual.getScheme());
+		assertEquals("84.198.58.199", actual.getServerName());
+		assertEquals(443, actual.getServerPort());
+		assertTrue(actual.isSecure());
+
+		assertNull(actual.getHeader(X_FORWARDED_SSL));
+		assertNull(actual.getHeader(X_FORWARDED_HOST));
+		assertNull(actual.getHeader(X_FORWARDED_PORT));
 		assertEquals("bar", actual.getHeader("foo"));
 	}
 
diff --git a/spring-web/src/test/java/org/springframework/web/filter/reactive/ForwardedHeaderFilterTests.java b/spring-web/src/test/java/org/springframework/web/filter/reactive/ForwardedHeaderFilterTests.java
@@ -51,7 +51,8 @@ public void removeOnly() {
 				.header("X-Forwarded-Host", "example.com")
 				.header("X-Forwarded-Port", "8080")
 				.header("X-Forwarded-Proto", "http")
-				.header("X-Forwarded-Prefix", "prefix"));
+				.header("X-Forwarded-Prefix", "prefix")
+				.header("X-Forwarded-Ssl", "on"));
 
 		this.filter.setRemoveOnly(true);
 		this.filter.filter(exchange, this.filterChain).block(Duration.ZERO);
@@ -63,6 +64,7 @@ public void removeOnly() {
 		assertFalse(result.containsKey("X-Forwarded-Port"));
 		assertFalse(result.containsKey("X-Forwarded-Proto"));
 		assertFalse(result.containsKey("X-Forwarded-Prefix"));
+		assertFalse(result.containsKey("X-Forwarded-Ssl"));
 	}
 
 	@Test

Original file line number	Diff line number	Diff line change
`@@ -73,6 +73,7 @@ public class ForwardedHeaderFilter extends OncePerRequestFilter {`
`73`	`73`	`FORWARDED_HEADER_NAMES.add("X-Forwarded-Port");`
`74`	`74`	`FORWARDED_HEADER_NAMES.add("X-Forwarded-Proto");`
`75`	`75`	`FORWARDED_HEADER_NAMES.add("X-Forwarded-Prefix");`
	`76`	`+ FORWARDED_HEADER_NAMES.add("X-Forwarded-Ssl");`
`76`	`77`	`}`
`77`	`78`
`78`	`79`
Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,7 @@ public class ForwardedHeaderFilter implements WebFilter {`
`52`	`52`	`FORWARDED_HEADER_NAMES.add("X-Forwarded-Port");`
`53`	`53`	`FORWARDED_HEADER_NAMES.add("X-Forwarded-Proto");`
`54`	`54`	`FORWARDED_HEADER_NAMES.add("X-Forwarded-Prefix");`
	`55`	`+ FORWARDED_HEADER_NAMES.add("X-Forwarded-Ssl");`
`55`	`56`	`}`
`56`	`57`
`57`	`58`