Details
-
Improvement
-
Status: Closed
-
Normal
-
Resolution: Fixed
-
None
-
None
-
None
-
Turing Sprint 174, Turing Sprint 175
Description
We do have a good extension point by setting a context init parameter like the following example, in order to override the default reverse proxy X-Forwarded-For header name, as of HSTTWO-3912:
<Parameter name="http-forwarded-for-header" value="X-FOO-Forwarded-For" override="false"/>
I'd like to propose an improvement that allows a comma-separated header names to allow multiple header names. e.g, "X-FOO-Forwarded-For, X-Forwarded-For".
The main reason is, sometimes developers want to test it with a different header name (e.g, "X-FOO-Forwarded-For") than the header name ("X-Forwarded-For") used by the load balancer. Load balancers tend to overwrite the header regardless of whether or not it's set by client. So, by having this multiplicity support, it can be easier for developers inside a corporate proxy network to test it out with different client ip addresses by using a different header name option.
The improvement wouldn't affect any API compatibility as HstRequestUtils#getForwardedForHeaderName() is private and others can be improved only in each method body.
Attachments
Issue Links
- relates to
-
-
- Closed
-
-
-
- Closed
-