JENKINS-23294

Interpret X-Forwarded-Port


      Description

      Under some conditions a reverse proxy may define X-Forwarded-Port yet the Jenkins servlet container still returns 80 for ServletRequest.getServerPort. This causes problems for computing Jenkins.getRootUrlFromRequest, the current implementation of which treats the default port as 80 regardless of the scheme; we would like the default to be 443 when X-Forwarded-Proto: https, yet this will only work if the servlet container coöperates. Easier to have Jenkins itself interpret this header when set.

            Activity

            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Link This issue is related to JENKINS-10675 [ JENKINS-10675 ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            core/src/main/java/jenkins/model/Jenkins.java
            http://jenkins-ci.org/commit/jenkins/5bad446dd51d31efd60538eab5c87bdde57114e9
            Log:
            [FIXED JENKINS-23294] Interpret X-Forwarded-Port

            • Also fixed handling of X-Forwarded-Proto and added support for X-Forwarded-Host
            • Additional complexity is that there can be multiple headers with the same name (which was handled by default by accident) and
              that a header value may contain a comma separated list if there were multiple forwarding hops.
            scm_issue_link SCM/JIRA link daemon made changes -
            Status In Progress [ 3 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
            core/src/main/java/jenkins/model/Jenkins.java
            core/src/test/java/jenkins/model/JenkinsGetRootUrlTest.java
            test/src/test/java/hudson/diagnosis/ReverseProxySetupMonitorTest.java
            http://jenkins-ci.org/commit/jenkins/cffe9df0176b0ff895554ce7f2ea4d2f20062351
            Log:
            [FIXED JENKINS-23294] Deal with X-Forwarded-Port.
            If this is set, use it instead of ServletRequest.getServerPort() for purposes of getRootUrlFromRequest().
            Also treat the default port as scheme-specific in that method (which presumes that we in fact got the reported port right).
            And enhance the reverse proxy setup monitor to validate that the Referer header (/manage)
            actually matches what we have computed from getRootUrlFromRequest;
            if it does not, something is messed up, though it may require some digging to find what.
            (Would be better to let the monitor specify the exact problem it determined,
            though this is not always actually possible;
            for example if you are missing AllowEncodedSlashes NoDecode in Apache,
            you just get a 404 from Apache without even getting to Jenkins.)

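The header handling described in the two commit messages above, as an added example that is not Jenkins code and not part of the original page: repeated headers, comma-separated hop lists, X-Forwarded-Port taking precedence over the container's port, and a scheme-specific default port. The class and method names, the sample host names and the choice of the first list item are assumptions; the values are validated because X-Forwarded-* headers are ordinary request headers that are only trustworthy when the proxy overwrites what the client sent.

```java
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;

public class ForwardedRootUrl {
    // A repeated header arrives as several list entries; each entry may itself be
    // "a, b" (one item per forwarding hop). Assumption: use the first non-empty item.
    static String first(Map<String, List<String>> headers, String name) {
        for (String value : headers.getOrDefault(name, List.of())) {
            String item = value.split(",", 2)[0].trim();
            if (!item.isEmpty()) return item;
        }
        return null;
    }

    // scheme, host and port are what the servlet container reported for the request.
    static String rootUrl(Map<String, List<String>> headers,
                          String scheme, String host, int port, String contextPath) {
        String proto = first(headers, "X-Forwarded-Proto");
        if (proto != null && proto.toLowerCase(Locale.ROOT).matches("https?"))
            scheme = proto.toLowerCase(Locale.ROOT);

        String fwdHost = first(headers, "X-Forwarded-Host");
        // Simplification: bare host names only (no IPv6 literal, no host:port form).
        if (fwdHost != null && fwdHost.matches("[A-Za-z0-9.-]+")) host = fwdHost;

        String fwdPort = first(headers, "X-Forwarded-Port");
        if (fwdPort != null && fwdPort.matches("\\d{1,5}")) {
            int p = Integer.parseInt(fwdPort);
            if (p >= 1 && p <= 65535) port = p; // otherwise keep the container's port
        }

        int defaultPort = scheme.equals("https") ? 443 : 80; // scheme-specific default
        return scheme + "://" + host + (port == defaultPort ? "" : ":" + port) + contextPath + "/";
    }

    public static void main(String[] args) {
        // Constructed sample headers; header names are case-insensitive.
        Map<String, List<String>> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.put("X-Forwarded-Proto", List.of("https, http")); // two hops in one value
        h.put("X-Forwarded-Host", List.of("ci.example.org"));
        // No X-Forwarded-Port and the container reports 80: the case from the description.
        System.out.println(rootUrl(h, "http", "10.0.0.5", 80, "/jenkins"));
        h.put("x-forwarded-port", List.of("443", "8080")); // header repeated, once per hop
        System.out.println(rootUrl(h, "http", "10.0.0.5", 80, "/jenkins"));
    }
}
```

The first call keeps an explicit `:80` on an `https` URL because the container's port is all it has, which is the symptom the issue describes; once X-Forwarded-Port is present the port matches the https default and is omitted.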
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            core/src/main/java/jenkins/model/Jenkins.java
            http://jenkins-ci.org/commit/jenkins/333b05e356c70e90a7a1eeab9cb7d964c00fcd02
            Log:
            [FIXED JENKINS-23294] Interpret X-Forwarded-Port

            • Also fixed handling of X-Forwarded-Proto and added support for X-Forwarded-Host
            • Additional complexity is that there can be multiple headers with the same name (which was handled by default by accident) and
              that a header value may contain a comma separated list if there were multiple forwarding hops.
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
            core/src/main/java/jenkins/model/Jenkins.java
            core/src/test/java/jenkins/model/JenkinsGetRootUrlTest.java
            test/src/main/java/org/jvnet/hudson/test/HudsonTestCase.java
            test/src/test/java/hudson/diagnosis/ReverseProxySetupMonitorTest.java
            test/src/test/java/jenkins/security/RekeySecretAdminMonitorTest.java
            http://jenkins-ci.org/commit/jenkins/a239197a8fd17e3831af36bfb9b3c90c550a9bb1
            Log:
            Merge pull request #1294 from jenkinsci/pull/1265/head

            [FIXED JENKINS-23294] Interpret X-Forwarded-Port

            Compare: https://github.com/jenkinsci/jenkins/compare/f277502a8304...a239197a8fd1

            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #3498
            [FIXED JENKINS-23294] Interpret X-Forwarded-Port (Revision 5bad446dd51d31efd60538eab5c87bdde57114e9)
            [FIXED JENKINS-23294] Deal with X-Forwarded-Port. (Revision cffe9df0176b0ff895554ce7f2ea4d2f20062351)

            Result = SUCCESS
            Stephen Connolly : 5bad446dd51d31efd60538eab5c87bdde57114e9
            Files :

            • core/src/main/java/jenkins/model/Jenkins.java

            Stephen Connolly : cffe9df0176b0ff895554ce7f2ea4d2f20062351
            Files :

            • core/src/test/java/jenkins/model/JenkinsGetRootUrlTest.java
            • core/src/main/java/hudson/diagnosis/ReverseProxySetupMonitor.java
            • test/src/test/java/hudson/diagnosis/ReverseProxySetupMonitorTest.java
            • core/src/main/java/jenkins/model/Jenkins.java
            jglick Jesse Glick made changes -
            Link This issue depends on JENKINS-31068 [ JENKINS-31068 ]
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            test/src/main/java/org/jvnet/hudson/test/HudsonTestCase.java
            http://jenkins-ci.org/commit/jenkins-test-harness/81ccc04db253c5e14c52c49e82416e8538fdefc6
            Log:
            Merge pull request #1294 from jenkinsci/pull/1265/head

            [FIXED JENKINS-23294] Interpret X-Forwarded-Port
            Originally-Committed-As: a239197a8fd17e3831af36bfb9b3c90c550a9bb1

            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 155859 ] JNJira + In-Review [ 195274 ]

              People

              • Assignee:
                jglick Jesse Glick
                Reporter:
                jglick Jesse Glick