Class ForwardedHeaderUtils


public abstract class ForwardedHeaderUtils extends Object
Utility class to assist with processing "Forwarded" and "X-Forwarded-*" headers.

Note: There are security considerations surrounding the use of forwarded headers. Those should not be used unless the application is behind a trusted proxy that inserts them and also explicitly removes any such headers coming from an external source.

In most cases, you should not use this class directly but rather rely on ForwardedHeaderFilter for Spring MVC or ForwardedHeaderTransformer in order to extract the information from the headers as early as possible and discard such headers. Underlying servers such as Tomcat, Jetty, and Reactor Netty also provide options to handle forwarded headers even earlier.

Rossen Stoyanchev
  • Constructor Details

    • ForwardedHeaderUtils

      public ForwardedHeaderUtils()
  • Method Details

    • adaptFromForwardedHeaders

      public static UriComponentsBuilder adaptFromForwardedHeaders(URI uri, HttpHeaders headers)
      Adapt the scheme+host+port of the given URI from the "Forwarded" header (see RFC 7239) or from the "X-Forwarded-Host", "X-Forwarded-Port", and "X-Forwarded-Proto" headers if "Forwarded" is not present.
      uri - the request URI
      headers - the HTTP headers to consider
      a UriComponentsBuilder that reflects the request URI and additional updates from forwarded headers
    • parseForwardedFor

      @Nullable public static InetSocketAddress parseForwardedFor(URI uri, HttpHeaders headers, @Nullable InetSocketAddress remoteAddress)
      Parse the first "Forwarded: for=..." or "X-Forwarded-For" header value to an InetSocketAddress representing the address of the client.
      uri - the request URI
      headers - the request headers that may contain forwarded headers
      remoteAddress - the current remote address
      an InetSocketAddress with the extracted host and port, or null if the headers are not present
      See Also: