java - 如何在 Spring Boot 应用程序中禁用请求 header 上的主机信息验证

Question

我有一个供应商应用程序在其 header 上发送 Host=servername:8444s - note-port 以字符 s 结尾。看起来它会导致问题，并且请求无法传递给 DispatcherServlet。

我在下面的帖子中有详细的日志。 what would be the reason not detecting RestController for some requests

有没有办法在 Spring Boot 应用程序中禁用 header 信息(主机名:端口)的验证？

请指导我。

Answer 1

Tomcat(不是 Spring Boot)返回 400，因为主机 header 无效，没有配置选项可以更改此行为。

引用自 https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

14.23 Host

The Host request-header field specifies the Internet host and port number of the resource being requested, as obtained from the original URI given by the user or referring resource (generally an HTTP URL, as described in section 3.2.2). The Host field value MUST represent the naming authority of the origin server or gateway given by the original URL. This allows the origin server or gateway to differentiate between internally-ambiguous URLs, such as the root "/" URL of a server for multiple host names on a single IP address.

   Host = "Host" ":" host [ ":" port ] ; Section 3.2.2

A "host" without any trailing port information implies the default port for the service requested (e.g., "80" for an HTTP URL). For example, a request on the origin server for http://www.w3.org/pub/WWW/ would properly include:

   GET /pub/WWW/ HTTP/1.1
   Host: www.w3.org

A client MUST include a Host header field in all HTTP/1.1 request messages . If the requested URI does not include an Internet host name for the service being requested, then the Host header field MUST be given with an empty value. An HTTP/1.1 proxy MUST ensure that any request message it forwards does contain an appropriate Host header field that identifies the service being requested by the proxy. All Internet-based HTTP/1.1 servers MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message which lacks a Host header field.