- Greg Wilkins (Webtide, LLC)
- Jan Bartel (Webtide, LLC)
- Jesse McConnell (Webtide, LLC)
- Joakim Erdfelt (Webtide, LLC)
- Simone Bordet (Webtide, LLC)
- David Jencks (IBM)
- Olivier Lamy (Webtide, LLC)
//
// ========================================================================
// Copyright (c) 1995-2019 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.server;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
Customizes requests that lack the Host header (for example, HTTP 1.0 requests). In case of HTTP 1.0 requests that lack the Host header, the application may issue a redirect, and the Location header is usually constructed from the Host header; if the Host header is missing, the server may query the connector for its IP address in order to construct the Location header, and thus leak to clients internal IP addresses.
This Customizer is configured with a serverName and optionally a serverPort. If the Host header is absent, the configured serverName will be set on the request so that ServletRequest.getServerName() will return that value, and likewise for serverPort and ServletRequest.getServerPort().
/**
* Customizes requests that lack the {@code Host} header (for example, HTTP 1.0 requests).
* <p>
* In case of HTTP 1.0 requests that lack the {@code Host} header, the application may issue
* a redirect, and the {@code Location} header is usually constructed from the {@code Host}
* header; if the {@code Host} header is missing, the server may query the connector for its
* IP address in order to construct the {@code Location} header, and thus leak to clients
* internal IP addresses.
* <p>
* This {@link HttpConfiguration.Customizer} is configured with a {@code serverName} and
* optionally a {@code serverPort}.
* If the {@code Host} header is absent, the configured {@code serverName} will be set on
* the request so that {@link HttpServletRequest#getServerName()} will return that value,
* and likewise for {@code serverPort} and {@link HttpServletRequest#getServerPort()}.
*/
public class HostHeaderCustomizer implements HttpConfiguration.Customizer
{
private final String serverName;
private final int serverPort;
Params: - serverName – the
serverName to set on the request (the serverPort will not be set)
/**
* @param serverName the {@code serverName} to set on the request (the {@code serverPort} will not be set)
*/
public HostHeaderCustomizer(String serverName)
{
this(serverName, 0);
}
Params: - serverName – the
serverName to set on the request - serverPort – the
serverPort to set on the request
/**
* @param serverName the {@code serverName} to set on the request
* @param serverPort the {@code serverPort} to set on the request
*/
public HostHeaderCustomizer(String serverName, int serverPort)
{
this.serverName = Objects.requireNonNull(serverName);
this.serverPort = serverPort;
}
@Override
public void customize(Connector connector, HttpConfiguration channelConfig, Request request)
{
if (request.getHeader("Host") == null)
request.setAuthority(serverName, serverPort); // TODO set the field as well?
}
}