java – Issue with Forwarded Header and Multiple Values in Spring


According to the RFC7239 specification, syntax for Forwarded Header is as follows:

Forwarded: by=<identifier>;for=<identifier>;host=<host>;proto=<http|https>

This values are used by Spring (all recent versions), if present, in order to reflect the client-originated protocol and address (when allowed through a configuration). There is a problem when using multiple values in this header:

# Multiple values can be appended using a comma
Forwarded: for=192.0.2.43,for=198.51.100.17;proto=https;host=xxx.yyy.com;by=10.97.9.10

The code in UriComponentsBuilder#adaptFromForwardedHeaders:798-800 is getting the first Forwarded Header, if multiple are found, split it by comma and use only the first part:

    UriComponentsBuilder adaptFromForwardedHeaders(HttpHeaders headers) {
        try {
            String forwardedHeader = headers.getFirst("Forwarded");
            if (StringUtils.hasText(forwardedHeader)) {
                String forwardedToUse = StringUtils.tokenizeToStringArray(forwardedHeader, ",")(0);
                ....
    }

In our case we have result value – Forwarded: for=192.0.2.43 where all useful information is trimmed.

Is this really an issue or there is something that I am missing? And if this is really a problem, how can I deal with it.
Thanks a lot in advance!