Some webserver are picky with the encoding (uWSGI for example) and the current code behavior of decoding and reencoding the query string can lead to valid requests
rejected by the backend after the modifications in Zuul. This commit adds an optional parameter to force the original encoding of the query string in SimpleHostRoutingFilter.
Fixes gh-971
RxJavaReturnValueHandlerConfig can only be loaded when both spring-web
and spring-webmvc are on the classpath, because it contains a reference
to the WebMvcConfigurerAdapter class.
But the ConditionalOnClass annotation only included the class from
spring-web. In our situation, only spring-web was on the classpath,
resulting in a NoClassDefFoundError for WebMvcConfigurerAdapter. Fix it
by adding that class to the condition as well.
Instead of blocking them (which is the default behaviour of a
Spring MVC controller) Cors requests will flow through the Zuul
filters by default. Users can control it by grabbing the
ZuulHandlerMapping in a @PostConstruct and injecting some
CorsConfiguration via its setCorsConfigurations() method.
This fixes most of the issues people encounter when there are
multiple proxies in the request. The tricky thing is that there
is another header "Forwarded" that we don't recognize, but which
backends probably do, at least some of the time (since it is
from an actual RFC). The problem is that "Forwarded" does not
contain the ports, so Spring UriComponentsBuilder cannot use it
to rewrite links to a specific port. Since we do not support it
already, this change doesn't make things any worse, but the
corner case is there still.
Secure ribbon urls were forced to use https scheme via UriComponentsBuilder, that was created from original uri. This transformation url encoded previously encoded url parts that were used to create builder. This was introduced in c883495.
This change fixes double url encoding using RibbonUtils.updateToHttpsIfNeeded that fixes double escaping case and corner case with '+' in url as well.
Fixes gh-1382
Previously, parameter names with colons (ie foo:bar), caused an IllegalArgumentException because 41c364002f introduced UriTemplate to properly encode.
fixes gh-1193
* add config option to not ignore security headers
* fix field documentation of ignoreSecurityHeaders
* add documenation for zuul.ignoreSecurityHeaders
fixes gh-1096
RibbonUtils now replace the encoded space character '+' in the query string in favor of the equivalent '%20' when rewriting the URI in https. This is due to UriComponentsBuilder verifying the allowed characters in the encoded URI when building to the URI java.net class. The '+' is considered illegal but is widely used in the field. (#1367)
Rob Worsnop
Julien Hoarau
Bertrand Renuart
Spencer Gibb
Ryan Baxter
Jacques-Etienne Beaudet
Ryan Baxter
Robin Stocker
Venil Noronha
Dave Syer
Alena
Max Ishchenko
bpicode
Mathias Düsterhöft