Automatically use reverse proxy headers when present #45456

Open
faermanj opened this issue Jan 8, 2025 · 2 comments
Labels
area/rest kind/enhancement New feature or request

Comments


faermanj commented Jan 8, 2025

Description

When generating redirects (like Response.seeOther()), behind a reverse proxy, UriInfo.getBaseURI() will generate incorrect URLs and fail unless proxy support is configured with quarkus.http.proxy.proxy-address-forwarding=true and quarkus.http.proxy.enable-forwarded-host=true.
So, unless developers know this beforehand, applications will break when being moved from "unproxied" to "proxied", such as moving "dev" to "prod", with only a malformed URL exception.
It would be more reliable to always use proxy headers when present, or unless configured otherwise.

Implementation ideas

No response

@faermanj faermanj added the kind/enhancement New feature or request label Jan 8, 2025
Contributor

geoand commented Jan 8, 2025

This is indeed very interesting!

Mind attaching a sample that we can use to test potential solutions against?

Member

sberyozkin commented Jan 11, 2025

@faermanj Hi, but the reason users have to allow accepting forwarding headers is because they have to accept the security implications. Users are expected to know the prod requirements related to proxying.

IMHO, Quarkus doing it automatically is not safe, and it will effectively make the existing forwarded headers control irrelevant.
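
The trade-off discussed in this thread, as an added illustration in plain Java (not Quarkus code and not written by any participant): forwarded headers decide the redirect base URI only when the connection comes from a known proxy address. The class, the method, the proxy address and the sample hosts are hypothetical, and header names are assumed to be lower-cased already.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;

// Added illustration; not Quarkus code. All names here are hypothetical.
public class ForwardedBaseUri {

    // Assumption: addresses of the reverse proxies allowed to set X-Forwarded-* headers.
    static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    /**
     * Returns the base URI to use when building redirects. Forwarded headers are
     * honoured only when the TCP peer is a trusted proxy; for any other peer the
     * header values are client-controlled and must not reach the Location header.
     */
    static URI baseUri(String peerAddress, String localScheme, String localHost,
                       Map<String, String> headers) {
        if (!TRUSTED_PROXIES.contains(peerAddress)) {
            return URI.create(localScheme + "://" + localHost + "/");
        }
        String scheme = headers.getOrDefault("x-forwarded-proto", localScheme);
        String host = headers.getOrDefault("x-forwarded-host", localHost);
        // Fall back to local values when a header is not a plain scheme or host[:port].
        // (IPv6 literals are not handled in this sketch.)
        if (!scheme.equals("http") && !scheme.equals("https")) {
            scheme = localScheme;
        }
        if (!host.matches("[A-Za-z0-9.-]+(:\\d{1,5})?")) {
            host = localHost;
        }
        return URI.create(scheme + "://" + host + "/");
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        Map<String, String> fwd = Map.of(
                "x-forwarded-proto", "https",
                "x-forwarded-host", "shop.example.com");
        System.out.println(baseUri("10.0.0.5", "http", "app:8080", fwd));       // through the proxy
        System.out.println(baseUri("203.0.113.7", "http", "app:8080", fwd));    // direct client, headers ignored
        System.out.println(baseUri("10.0.0.5", "http", "app:8080", Map.of()));  // proxy sent no headers
    }
}
```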
