[ 
https://issues.apache.org/jira/browse/KNOX-897?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15903611#comment-15903611
 ] 

Sumit Gupta commented on KNOX-897:
----------------------------------

Hey [~akanto], [~smore], I just took a look at the patch in order to see if we 
want to include it into the 0.12.0 branch. While I think it makes sense to get 
the fix for this bug into 0.12.0, I have a small concern about the patch.

I think the patch does not take into account the use case where Knox is the 
only reverse proxy between the REST or UI client and the back end service. In 
such a case, Knox will populate the X-Forwarded-Port and not simply pass it on 
from the request. In this case, the port should be Knox's port and not a 
default like 443, otherwise the back-end service that is potentially consuming 
the header will incorrectly get 443.

Does this make sense?

> X-Forwarded-Port is incorrectly determined
> ------------------------------------------
>
>                 Key: KNOX-897
>                 URL: https://issues.apache.org/jira/browse/KNOX-897
>             Project: Apache Knox
>          Issue Type: Bug
>    Affects Versions: 0.11.0
>            Reporter: Attila Kanto
>             Fix For: 0.12.0
>
>         Attachments: gateway.log, knox-897.patch, Screen Shot 2017-03-01 at 
> 14.44.03.png
>
>
> If the client fills out the following headers:
> {code}
> Header[X-Forwarded-Host]=local.somehost.com
> Header[X-Forwarded-Proto]=https
> {code}
> And does not specify the port number in X-Forwarded-Host since it uses the 
> default port, then Knox automatically populates X-Forwarded-Port header 
> field with its own local port e.g. 8443 instead of the default 443 which 
> results in page not found errors (see screenshot and log).



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
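
Added example, not part of the JIRA comment and not code from knox-897.patch or Apache Knox: one way to combine the two cases discussed above, where an upstream proxy names a host without a port (scheme default) and where the gateway is the only proxy (its own port). The class, method names and the 9443 sample are hypothetical.

```java
import java.util.Map;
import java.util.TreeMap;

public class ForwardedPortExample {

    // Returns a valid TCP port, or -1 if the text is missing or malformed.
    static int parsePort(String text) {
        if (text == null) return -1;
        try {
            int p = Integer.parseInt(text.trim());
            return (p >= 1 && p <= 65535) ? p : -1;
        } catch (NumberFormatException e) {
            return -1;
        }
    }

    // headers: incoming request headers; scheme/localPort: the gateway's own listener.
    static int resolveForwardedPort(Map<String, String> headers, String scheme, int localPort) {
        int port = parsePort(headers.get("X-Forwarded-Port"));
        if (port != -1) return port;              // an upstream proxy already stated the port

        String host = headers.get("X-Forwarded-Host");
        if (host == null) return localPort;       // gateway is the only proxy: client used its port

        int colon = host.lastIndexOf(':');
        if (colon > host.lastIndexOf(']')) {      // skip colons inside a bracketed IPv6 literal
            port = parsePort(host.substring(colon + 1));
            if (port != -1) return port;          // upstream host carried an explicit port
        }
        String proto = headers.getOrDefault("X-Forwarded-Proto", scheme);
        return "https".equalsIgnoreCase(proto) ? 443 : 80;  // upstream used the scheme default
    }

    // Builds a case-insensitive header map from name/value pairs.
    static Map<String, String> headers(String... kv) {
        Map<String, String> m = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        for (int i = 0; i + 1 < kv.length; i += 2) m.put(kv[i], kv[i + 1]);
        return m;
    }

    public static void main(String[] args) {
        // Constructed requests; 8443 is the gateway port from the issue description.
        System.out.println(resolveForwardedPort(headers(), "https", 8443));
        System.out.println(resolveForwardedPort(headers(
            "X-Forwarded-Host", "local.somehost.com", "X-Forwarded-Proto", "https"), "https", 8443));
        System.out.println(resolveForwardedPort(headers(
            "X-Forwarded-Host", "local.somehost.com:9443", "X-Forwarded-Proto", "https"), "https", 8443));
    }
}
```

Because any client can send X-Forwarded-* headers, a gateway should honour incoming values only from upstream proxies it is configured to trust and otherwise treat the request as the first-hop case.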
