[Read Only] - Hippo Site Toolkit 2 / HSTTWO-2965

HstRequestUtils#getFarthestRequestScheme() doesn't parse multi value header


Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • 2.28.02
    • 2.28.03
    • None
    • None

    Description

      When there are multiple reverse proxy servers between the user agent and servlet containers for some reason, and each reverse proxy server is configured to add X-Forwarded-* headers, I notice that the X-Forwarded-Proto header value is set to a comma-separated multi-field string value, e.g. X-Forwarded-Proto: https,http
      Currently, the method doesn't take this possibility into account.

      In this case, a scheme-based redirection setting (only to allow https access, for instance) in the HST configuration can cause infinite redirection.

            People

              jsheriff Junaidh Kadhar Sheriff
              wko Woonsan Ko (Inactive)
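The parsing problem described in this issue, as an added example that is not the HST project's code: a multi-value X-Forwarded-Proto header is reduced to its first field before any scheme check. The class and method names are hypothetical, and the example assumes each proxy appends its own value, so the first field belongs to the proxy closest to the user agent.

```java
import java.util.Locale;
import java.util.Set;

public class ForwardedProtoExample {

    // Only schemes a servlet container would report; anything else is ignored.
    private static final Set<String> ALLOWED = Set.of("http", "https");

    /**
     * Hypothetical helper (not the HST method): returns the scheme seen by the
     * proxy farthest from the container, i.e. the first field of a possibly
     * comma-separated X-Forwarded-Proto value, or fallbackScheme if unusable.
     */
    static String farthestScheme(String headerValue, String fallbackScheme) {
        if (headerValue == null) {
            return fallbackScheme;
        }
        // "https,http" and "https , http" both yield "https".
        int comma = headerValue.indexOf(',');
        String first = (comma < 0 ? headerValue : headerValue.substring(0, comma))
                .trim().toLowerCase(Locale.ROOT);
        return ALLOWED.contains(first) ? first : fallbackScheme;
    }

    /** The redirect decision an "https only" rule makes from the resolved scheme. */
    static boolean needsHttpsRedirect(String headerValue, String containerScheme) {
        return !"https".equals(farthestScheme(headerValue, containerScheme));
    }

    public static void main(String[] args) {
        // Constructed sample header values; the container itself sees plain http.
        String[] samples = { "https,http", "https", " HTTPS , http", "http,https", "", null };
        for (String value : samples) {
            System.out.printf("%-16s -> scheme=%s redirect=%b%n",
                    value == null ? "(absent)" : "\"" + value + "\"",
                    farthestScheme(value, "http"),
                    needsHttpsRedirect(value, "http"));
        }
        // Comparing the raw value instead shows the loop from the report:
        // "https,http".equals("https") is false, so every request is redirected.
        System.out.println("raw compare: " + "https,http".equals("https"));
    }
}
```

The resolved scheme is only as trustworthy as the header: the outermost proxy has to overwrite or strip any X-Forwarded-Proto value supplied by the client, otherwise a client can choose the scheme the application believes it was reached over.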