Note: This class uses values from "Forwarded" - * (RFC 7239), - * "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers, - * if present, in order to reflect the client-originated protocol and address. - * Consider using the {@code ForwardedHeaderFilter} in order to choose from a - * central place whether to extract and use, or to discard such headers. - * See the Spring Framework reference for more on this filter. + *
Note: As of 5.1, methods in this class do not extract + * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the + * client-originated address. Please, use + * {@link org.springframework.web.filter.ForwardedHeaderFilter + * ForwardedHeaderFilter}, or similar from the underlying server, to extract + * and use such headers, or to discard them. * * @author Rossen Stoyanchev * @since 3.1 @@ -76,10 +75,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Prepare a builder from the host, port, scheme, and context path of the * given HttpServletRequest. - *
Note: As of 5.1, this method ignores - * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the - * client-originated address. Consider using the {@code ForwardedHeaderFilter} - * to extract and use, or to discard such headers. */ public static ServletUriComponentsBuilder fromContextPath(HttpServletRequest request) { ServletUriComponentsBuilder builder = initFromRequest(request); @@ -94,10 +89,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { * will end with "/main". If the servlet is mapped otherwise, e.g. * {@code "/"} or {@code "*.do"}, the result will be the same as * if calling {@link #fromContextPath(HttpServletRequest)}. - *
Note: As of 5.1, this method ignores - * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the - * client-originated address. Consider using the {@code ForwardedHeaderFilter} - * to extract and use, or to discard such headers. */ public static ServletUriComponentsBuilder fromServletMapping(HttpServletRequest request) { ServletUriComponentsBuilder builder = fromContextPath(request); @@ -110,10 +101,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Prepare a builder from the host, port, scheme, and path (but not the query) * of the HttpServletRequest. - *
Note: As of 5.1, this method ignores - * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the - * client-originated address. Consider using the {@code ForwardedHeaderFilter} - * to extract and use, or to discard such headers. */ public static ServletUriComponentsBuilder fromRequestUri(HttpServletRequest request) { ServletUriComponentsBuilder builder = initFromRequest(request); @@ -124,10 +111,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Prepare a builder by copying the scheme, host, port, path, and * query string of an HttpServletRequest. - *
Note: As of 5.1, this method ignores - * {@code "Forwarded"} and {@code "X-Forwarded-*"} headers that specify the - * client-originated address. Consider using the {@code ForwardedHeaderFilter} - * to extract and use, or to discard such headers. */ public static ServletUriComponentsBuilder fromRequest(HttpServletRequest request) { ServletUriComponentsBuilder builder = initFromRequest(request); @@ -159,11 +142,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Same as {@link #fromContextPath(HttpServletRequest)} except the * request is obtained through {@link RequestContextHolder}. - *
Note: This method extracts values from "Forwarded" - * and "X-Forwarded-*" headers if found. See class-level docs. - *
As of 4.3.15, this method replaces the contextPath with the value - * of "X-Forwarded-Prefix" rather than prepending, thus aligning with - * {@code ForwardedHeaderFilter}. */ public static ServletUriComponentsBuilder fromCurrentContextPath() { return fromContextPath(getCurrentRequest()); @@ -172,11 +150,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Same as {@link #fromServletMapping(HttpServletRequest)} except the * request is obtained through {@link RequestContextHolder}. - *
Note: This method extracts values from "Forwarded" - * and "X-Forwarded-*" headers if found. See class-level docs. - *
As of 4.3.15, this method replaces the contextPath with the value - * of "X-Forwarded-Prefix" rather than prepending, thus aligning with - * {@code ForwardedHeaderFilter}. */ public static ServletUriComponentsBuilder fromCurrentServletMapping() { return fromServletMapping(getCurrentRequest()); @@ -185,11 +158,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Same as {@link #fromRequestUri(HttpServletRequest)} except the * request is obtained through {@link RequestContextHolder}. - *
Note: This method extracts values from "Forwarded" - * and "X-Forwarded-*" headers if found. See class-level docs. - *
As of 4.3.15, this method replaces the contextPath with the value - * of "X-Forwarded-Prefix" rather than prepending, thus aligning with - * {@code ForwardedHeaderFilter}. */ public static ServletUriComponentsBuilder fromCurrentRequestUri() { return fromRequestUri(getCurrentRequest()); @@ -198,11 +166,6 @@ public class ServletUriComponentsBuilder extends UriComponentsBuilder { /** * Same as {@link #fromRequest(HttpServletRequest)} except the * request is obtained through {@link RequestContextHolder}. - *
Note: This method extracts values from "Forwarded" - * and "X-Forwarded-*" headers if found. See class-level docs. - *
As of 4.3.15, this method replaces the contextPath with the value - * of "X-Forwarded-Prefix" rather than prepending, thus aligning with - * {@code ForwardedHeaderFilter}. */ public static ServletUriComponentsBuilder fromCurrentRequest() { return fromRequest(getCurrentRequest());