spring-framework / org.springframework.web.filter / ForwardedHeaderFilter

ForwardedHeaderFilter

open class ForwardedHeaderFilter : OncePerRequestFilter

Extract values from "Forwarded" and "X-Forwarded-*" headers in order to wrap and override the following from the request and response: getServerName(), getServerPort(), getScheme(), isSecure(), and sendRedirect(String). In effect the wrapped request and response reflect the client-originated protocol and address.

Note: This filter can also be used in a removeOnly mode where "Forwarded" and "X-Forwarded-*" headers are only eliminated without being used.

Author
Rossen Stoyanchev

Author
EddĂș MelĂ©ndez

Author
Rob Winch

Since
4.3

See Also
<a href="https://tools.ietf.org/html/rfc7239">https://tools.ietf.org/html/rfc7239</a>

Constructors

<init>

 ForwardedHeaderFilter()

Functions

setRelativeRedirects

 open fun setRelativeRedirects(relativeRedirects: Boolean): Unit

Use this property to enable relative redirects as explained in and also using the same response wrapper as RelativeRedirectFilter does. Or if both filters are used, only one will wrap the response.

By default, if this property is set to false, in which case calls to HttpServletResponse#sendRedirect(String) are overridden in order to turn relative into absolute URLs since (which Servlet containers are also required to do) also taking forwarded headers into consideration.

setRemoveOnly

 open fun setRemoveOnly(removeOnly: Boolean): Unit

Enables mode in which any "Forwarded" or "X-Forwarded-*" headers are removed only and the information in them ignored.