Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-1230

Http2ClientConnection overwrites existing X_FORWARDED_FOR header

    Details

      Description

      In the Http2ClientConnection.sendRequest method if the peer is not null, the existing X_FORWARDED_FOR header is overwitten. This leads to information loss in an architecture where for example the we have an undertow load balancer with undertow nodes using HTTP2.

      String peer = request.getAttachment(ProxiedRequestAttachments.REMOTE_HOST);
      if(peer != null) {
          request.getRequestHeaders().put(Headers.X_FORWARDED_FOR, peer);
      }
      

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                swd847 Stuart Douglas
                Reporter:
                mn3monic Attila Majoros
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: