ForwardRequestCustomizer is wrong if request enters via HTTPS connector but no Forward headers #5485

Closed
cstamas opened this issue Oct 21, 2020 · 3 comments

cstamas commented Oct 21, 2020

Jetty version
9.4.32

Java version
1.8

OS type/version
Linux/macOS

Description
If ForwardRequestCustomizer is in place (with default config), and a request enters via the HTTPS connector (let's say using port 8443), and there are no Forward headers present in the request, the ForwardRequestCustomizer misbehaves.

It modifies the Host header to hostname:80. What I'd expect is for it to either leave it untouched or honor the incoming connector port or scheme.

How to reproduce
Take the 9.4.32 distribution, create a new base, and enable the following modules:

  • http
  • https
  • http-forwarded
  • debug

Expose Jetty's 8443 port on 443 as per the Jetty docs (using iptables/ipchains), but I did it like this:

sudo ssh -gL 443:127.0.0.1:8443 $USER@localhost

Do a request against Jetty exposed on port 443:

curl -v --insecure https://localhost/files/

Observe the Jetty log; I had this in the log:

2020-10-21 12:57:34.775:>> REQUEST ctx=/files@5204062d r=/files/@4972b79a REQUEST GET https://localhost:80/files/ HTTP/1.1 HttpChannelOverHttp@3382480{s=HttpChannelState@17d0843d{s=HANDLING rs=BLOCKING os=OPEN is=IDLE awp=false se=false i=true al=0},r=1,c=false/false,a=HANDLING,uri=https://localhost:80/files/,age=2}
Host: localhost:80
User-Agent: curl/7.73.0
Accept: */*


2020-10-21 12:57:34.778:<< REQUEST ctx=/files@5204062d r=/files/@4972b79a async=false 200
Content-Type: text/html;charset=utf-8
Content-Length: 642


2020-10-21 12:57:34.778:<  ctx=/files@5204062d r=/files/@4972b79a

Notice the following:

  • curl sent the header Host: localhost but Jetty "rewrote" it to Host: localhost:80
  • That is incorrect, as the incoming REQUEST GET is HTTPS; basically the whole log is wrong (port 80 is used nowhere, the involved ports are 443 and 8443).
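
A log check for the symptom reported above, as an added example that is not part of the original thread or of Jetty's code: it scans Jetty debug-module output for request URIs whose port is the default port of the other scheme (https on 80, http on 443). The function name, the regexes and the second sample entry are constructed for illustration; the first sample entry is abridged from the log in this issue.

```python
import re
from urllib.parse import urlsplit

# A URI carrying the *other* scheme's default port is the symptom reported
# in this issue (https://localhost:80/...).
DEFAULT_PORTS = {"http": 80, "https": 443}

# Request line of a debug-module ">> REQUEST" entry, and a Host header line.
REQUEST_RE = re.compile(r">> REQUEST .*? REQUEST (?P<method>[A-Z]+) (?P<uri>\S+) HTTP/")
HOST_RE = re.compile(r"^Host:\s*(?P<host>\S+)\s*$", re.IGNORECASE)

# Sample input: first entry abridged from the issue, second entry constructed.
SAMPLE_LOG = """\
2020-10-21 12:57:34.775:>> REQUEST ctx=/files@5204062d r=/files/@4972b79a REQUEST GET https://localhost:80/files/ HTTP/1.1 HttpChannelOverHttp@3382480{...}
Host: localhost:80
User-Agent: curl/7.73.0
Accept: */*

2020-10-21 12:58:01.120:>> REQUEST ctx=/files@5204062d r=/files/@4972b79a REQUEST GET https://localhost:8443/files/ HTTP/1.1 HttpChannelOverHttp@3382480{...}
Host: localhost:8443
"""


def find_authority_mismatches(log_text):
    """Return one dict per logged request whose scheme and port disagree."""
    findings = []
    current = None  # request entry whose header block is being read
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            parts = urlsplit(m.group("uri"))
            current = {"method": m.group("method"), "uri": m.group("uri"),
                       "scheme": parts.scheme, "port": parts.port,
                       "host_header": None}
            wrong_ports = {p for s, p in DEFAULT_PORTS.items() if s != parts.scheme}
            if parts.port in wrong_ports:
                findings.append(current)  # same dict; Host is filled in below
            continue
        h = HOST_RE.match(line)
        if h and current is not None and current["host_header"] is None:
            current["host_header"] = h.group("host")
        elif not line.strip():
            current = None  # blank line ends the header block
    return findings


if __name__ == "__main__":
    for f in find_authority_mismatches(SAMPLE_LOG):
        print(f"{f['method']} {f['uri']} (Host: {f['host_header']})")
```

Run against logs captured before and after moving to a release that contains the fix, the check shows whether the logged authority still carries the mismatched port.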

joakime commented Oct 21, 2020

Fixed in jetty-9.4.x HEAD already.

#5419


joakime commented Oct 21, 2020

Jetty 9.4.33 (due out soon) will have this fix.

@joakime joakime self-assigned this Oct 21, 2020

joakime commented Oct 21, 2020

Be aware of the following ForwardRequestCustomizer fixes in 9.4.33 ...
