From 0dc46a2fe7a6ca571500ece29df5c667076147c9 Mon Sep 17 00:00:00 2001 From: Phillip Webb Date: Thu, 25 Sep 2014 12:58:23 -0700 Subject: [PATCH] Drop protocolHeader and remoteIpHeader defaults The `protocolHeader` and `remoteIpHeader` no longer have default values and must be opt-in. Fixes gh-1624 --- .../boot/autoconfigure/web/ServerProperties.java | 4 ++-- .../boot/autoconfigure/web/ServerPropertiesTests.java | 6 ++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java index 40004ab7ec6..8f46de2e56f 100644 --- a/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java +++ b/spring-boot-autoconfigure/src/main/java/org/springframework/boot/autoconfigure/web/ServerProperties.java @@ -207,9 +207,9 @@ public class ServerProperties implements EmbeddedServletContainerCustomizer { + "169\\.254\\.\\d{1,3}\\.\\d{1,3}|" // 169.254/16 + "127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}"; // 127/8 - private String protocolHeader = "x-forwarded-proto"; + private String protocolHeader; - private String remoteIpHeader = "x-forwarded-for"; + private String remoteIpHeader; private File basedir; diff --git a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java index 0f0b936069b..7c26398bb9a 100644 --- a/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java +++ b/spring-boot-autoconfigure/src/test/java/org/springframework/boot/autoconfigure/web/ServerPropertiesTests.java @@ -147,6 +147,12 @@ public class ServerPropertiesTests { @Test public void defaultTomcatRemoteIpValve() throws Exception { + Map map = new HashMap(); + // Since 1.1.7 you need to specify at least the protocol and ip properties + map.put("server.tomcat.protocol_header", "x-forwarded-proto"); + map.put("server.tomcat.remote_ip_header", "x-forwarded-for"); + bindProperties(map); + TomcatEmbeddedServletContainerFactory container = new TomcatEmbeddedServletContainerFactory(); this.properties.customize(container);