Skip to content

Use native request remote address for XForwarded trusted proxies#4077

Open
lly835 wants to merge 1 commit intospring-cloud:mainfrom
lly835:fix/issue-4074
Open

Use native request remote address for XForwarded trusted proxies#4077
lly835 wants to merge 1 commit intospring-cloud:mainfrom
lly835:fix/issue-4074

Conversation

@lly835
Copy link

@lly835 lly835 commented Feb 27, 2026

Fixes #4074.

Summary

  • In XForwardedHeadersFilter, resolve remote address from ServerHttpRequestDecorator.getNativeRequest(request) instead of request.getRemoteAddress().
  • Use that native peer address consistently for:
    • trusted-proxies check
    • X-Forwarded-For value appended by the filter
  • Add a regression test (trustedProxiesUsesNativeRequestRemoteAddress) that decorates the request with a rewritten remote address and verifies trusted-proxies logic still uses the native connection peer.

Testing

  • Attempted: ./mvnw -pl spring-cloud-gateway-server-webflux -Dtest=XForwardedHeadersFilterTests test
  • Could not run in this environment because no Java runtime is installed (Unable to locate a Java Runtime).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

waiting-for-triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

XForwardedHeadersFilter uses wrong remote address for trusted-proxies check

2 participants

@lly835 @spring-cloud-issues