An empty X-Forwarded-Prefix with a path containing escape sequences leads to exceptions.

7 years ago · 4973e110ee
2 changed files with 17 additions and 1 deletions
--- a/spring-web/src/main/java/org/springframework/web/server/adapter/ForwardedHeaderTransformer.java
+++ b/spring-web/src/main/java/org/springframework/web/server/adapter/ForwardedHeaderTransformer.java
@ -96,7 +96,7 @@ public class ForwardedHeaderTransformer implements Function<ServerHttpRequest, S
				@@ -96,7 +96,7 @@ public class ForwardedHeaderTransformer implements Function<ServerHttpRequest, S
 				builder.uri(uri);
 				String prefix = getForwardedPrefix(request);
 				if (prefix != null) {
-					builder.path(prefix + uri.getPath());
+					builder.path(prefix + uri.getRawPath());
 					builder.contextPath(prefix);
 				}
 			}
--- a/spring-web/src/test/java/org/springframework/web/server/adapter/ForwardedHeaderTransformerTests.java
+++ b/spring-web/src/test/java/org/springframework/web/server/adapter/ForwardedHeaderTransformerTests.java
@ -90,6 +90,22 @@ public class ForwardedHeaderTransformerTests {
				@@ -90,6 +90,22 @@ public class ForwardedHeaderTransformerTests {
 		assertForwardedHeadersRemoved(request);
 	}

+	@Test
+	public void emptyXForwardedPrefixShouldNotLeadToDecodedPath() throws Exception {
+		HttpHeaders headers = new HttpHeaders();
+		headers.add("X-Forwarded-Prefix", "");
+		ServerHttpRequest request = MockServerHttpRequest
+				.method(HttpMethod.GET, new URI("https://example.com/a%20b?q=a%2Bb"))
+				.headers(headers)
+				.build();
+
+		request = this.requestMutator.apply(request);
+
+		assertThat(request.getURI()).isEqualTo(new URI("https://example.com/a%20b?q=a%2Bb"));
+		assertThat(request.getPath().value()).isEqualTo("/a%20b");
+		assertForwardedHeadersRemoved(request);
+	}
+
 	@Test
 	public void xForwardedPrefixTrailingSlash() throws Exception {
 		HttpHeaders headers = new HttpHeaders();