程序包 cn.taketoday.http.server.reactive

类 ForwardedHeaderTransformer

java.lang.Object

cn.taketoday.http.server.reactive.ForwardedHeaderTransformer

所有已实现的接口:

Function<ServerHttpRequest,ServerHttpRequest>

public class ForwardedHeaderTransformer
extends Object
implements Function<ServerHttpRequest,ServerHttpRequest>

Extract values from "Forwarded" and "X-Forwarded-*" headers to override the request URI (i.e. HttpRequest.getURI()) so it reflects the client-originated protocol and address.

There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client. This is why a proxy at the boundary of trust should be configured to remove untrusted Forwarded headers that come from the outside.

You can also configure the ForwardedHeaderFilter with removeOnly, in which case it removes but does not use the headers.

从以下版本开始:

4.0 2022/10/21 12:19

作者:

Rossen Stoyanchev, Harry Yang

另请参阅:

• https://tools.ietf.org/html/rfc7239

字段概要

字段

修饰符和类型	字段	说明
(专用程序包) static final Set<String>	FORWARDED_HEADER_NAMES
private boolean	removeOnly

构造器概要

构造器

构造器	说明
ForwardedHeaderTransformer()

方法概要

修饰符和类型	方法	说明
private static URI	adaptFromForwardedHeaders(URI uri, HttpHeaders headers)
ServerHttpRequest	apply(ServerHttpRequest request)	Apply and remove, or remove Forwarded type headers.
private static String	getForwardedPrefix(ServerHttpRequest request)
protected boolean	hasForwardedHeaders(ServerHttpRequest request)	Whether the request has any Forwarded headers.
boolean	isRemoveOnly()	Whether the "remove only" mode is on.
private void	removeForwardedHeaders(ServerHttpRequest.Builder builder)
void	setRemoveOnly(boolean removeOnly)	Enable mode in which any "Forwarded" or "X-Forwarded-*" headers are removed only and the information in them ignored.

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

从接口继承的方法 java.util.function.Function

andThen, compose

字段详细资料

FORWARDED_HEADER_NAMES

static final Set<String> FORWARDED_HEADER_NAMES

removeOnly

private boolean removeOnly

构造器详细资料

ForwardedHeaderTransformer

public ForwardedHeaderTransformer()

方法详细资料

setRemoveOnly

public void setRemoveOnly(boolean removeOnly)

Enable mode in which any "Forwarded" or "X-Forwarded-*" headers are removed only and the information in them ignored.

参数:

removeOnly - whether to discard and ignore forwarded headers

isRemoveOnly

public boolean isRemoveOnly()

Whether the "remove only" mode is on.

另请参阅:

• setRemoveOnly(boolean)

apply

public ServerHttpRequest apply(ServerHttpRequest request)

Apply and remove, or remove Forwarded type headers.

指定者:

apply 在接口中 Function<ServerHttpRequest,ServerHttpRequest>

参数:

request - the request

adaptFromForwardedHeaders

private static URI adaptFromForwardedHeaders(URI uri,
 HttpHeaders headers)

hasForwardedHeaders

protected boolean hasForwardedHeaders(ServerHttpRequest request)

Whether the request has any Forwarded headers.

参数:

request - the request

removeForwardedHeaders

private void removeForwardedHeaders(ServerHttpRequest.Builder builder)

getForwardedPrefix

@Nullable
private static String getForwardedPrefix(ServerHttpRequest request)