spring-hateoas: x-forwarded-proto broken in Spring Boot 2.1.1

For the following test:

@Test
fun `GET links uses proto headers`() {
    mvc.perform(get("/v1/").header("x-forwarded-proto", "https"))
        .andExpect(status().isOk)
        .andExpect(jsonPath("$._links.activate.href", startsWith("https")))
}

And the following implementation:

private fun buildLinkForUser(currentUser: User) =
    entityLinks.linkToCollectionResource(UserResource::class.java).withRel("activate")

Or alternatively with controller links, e.g.:

fun buildLinkForUser(): Link =
    linkTo(methodOn(UserController::class.java).activate()).withRel("activate")

I get the test passing in Spring Boot 2.0.7 and failing in Spring Boot 2.1.1 - because the link gets http instead of https.

I checked Spring Hateoas in both boot releases and it remains 0.25.0. Obviously, this makes me think this issue doesn’t belong here. However, I was hoping you could help me reassign it where it belongs?

About this issue

  • State: closed
  • Created 6 years ago
  • Comments: 34 (13 by maintainers)

Most upvoted comments

For future readers, use-forward-headers has been deprecated in favour of forward-headers-strategy:

server.forward-headers-strategy=native

forward-headers-strategy defaults to none.

Spring Framework now defaults with Forwarded header support disabled. So you have to use that setting for any apps you need from here on.

I’ll consult with @odrotbohm about seeing if we can get a patch release out the door.

@gregturn We would also appreciate a 0.25.1 release because using a SNAPSHOT in production of course is not a problem here but nevertheless makes us developers feel a bit nervous 😃

After adding server.use-forward-headers=true, it works. Since when is this setting necessary? We never used it and it always worked.

With my confirmation (and also from @jenny1976), would you be willing and able to release 0.25.1?

I've recently upgraded from 1.5.4 to 2.1.4 and I've had the same issue.

With server.use-forward-headers=true in application.properties it's fixed.

We can ship an 0.25.1 next week for inclusion in Spring Boot 2.1.3.

If anybody struggles with this issue there is a fine workaround (?):

@Bean
public FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() {
    final FilterRegistrationBean<ForwardedHeaderFilter> filter = new FilterRegistrationBean<>();
    filter.setFilter(new ForwardedHeaderFilter());
    return filter;
}

Taken from https://stackoverflow.com/a/53269319

We currently use this SNAPSHOT and it works.
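
Added example, not part of the thread and not Spring's own code: forwarded-header support is off by default because the application cannot tell whether X-Forwarded-* was set by its proxy or by the client, so a variant of the filter workaround above can apply the headers only where a trusted proxy overwrites them and strip them everywhere else. The property name app.behind-trusted-proxy and the class name are assumptions; the javax.servlet import matches Spring Boot 2.x.

```java
import javax.servlet.DispatcherType;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.web.filter.ForwardedHeaderFilter;

@Configuration
public class ForwardedHeaderConfig {

    // Hypothetical application property (not a Spring Boot key). Set it to true only
    // in deployments where every request passes through a proxy that overwrites any
    // client-supplied Forwarded / X-Forwarded-* headers. Defaults to false.
    @Value("${app.behind-trusted-proxy:false}")
    private boolean behindTrustedProxy;

    @Bean
    public FilterRegistrationBean<ForwardedHeaderFilter> forwardedHeaderFilter() {
        ForwardedHeaderFilter filter = new ForwardedHeaderFilter();

        // removeOnly=true drops the forwarded headers without applying them, so
        // generated links keep the scheme and host of the actual connection.
        // removeOnly=false applies them, which is what makes the links use https.
        filter.setRemoveOnly(!behindTrustedProxy);

        FilterRegistrationBean<ForwardedHeaderFilter> registration =
                new FilterRegistrationBean<>(filter);
        // Cover async and error dispatches as well, so links built on those
        // paths see the same treatment as links built on the initial request.
        registration.setDispatcherTypes(
                DispatcherType.REQUEST, DispatcherType.ASYNC, DispatcherType.ERROR);
        // Run ahead of other filters so they all see the adjusted request.
        registration.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return registration;
    }
}
```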