Merge pull request #30 from FusionAuth/degroff/get_host_handle_multiple

Account for more than one host value

Author: robotdan

src/main/java/io/fusionauth/http/server/HTTPRequest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2022-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -389,12 +389,17 @@ public String getHost() {
       return host;
     }
 
+    String[] xHosts = xHost.split(",");
+    if (xHosts.length > 1) {
+      xHost = xHosts[0];
+    }
+
     int colon = xHost.indexOf(':');
     if (colon > 0) {
       return xHost.substring(0, colon);
     }
 
-    return xHost;
+    return xHost.trim();
   }
 
   public void setHost(String host) {

src/test/java/io/fusionauth/http/HTTPRequestTest.java

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022-2024, FusionAuth, All Rights Reserved
+ * Copyright (c) 2022-2025, FusionAuth, All Rights Reserved
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -104,6 +104,36 @@ public void getBaseURL() {
         "X-Forwarded-Proto", "http");
   }
 
+  @Test
+  public void getHost() {
+    // Single host
+    assertGetHost("acme.com", "acme.com");
+
+    // Single host with port
+    assertGetHost("acme.com:42", "acme.com");
+
+    // Multiple hosts
+    assertGetHost("acme.com, example.com", "acme.com");
+
+    // Multiple hosts with spacing
+    assertGetHost("acme.com ,  example.com ", "acme.com");
+
+    // Multiple hosts with spacing and ports
+    assertGetHost("acme.com:41 ,  example.com:42 ", "acme.com");
+  }
+
+  @Test
+  public void getIPAddress() {
+    // Single IP
+    assertGetIPAddress("192.168.1.1", "192.168.1.1");
+
+    // Multiple IPs
+    assertGetIPAddress("192.168.1.1, 192.168.1.2", "192.168.1.1");
+
+    // Multiple IPs with spacing
+    assertGetIPAddress("192.168.1.1 ,  192.168.1.2 ", "192.168.1.1");
+  }
+
   @Test
   public void hostHeaderPortHandling() {
     // positive cases
@@ -203,6 +233,18 @@ private void assertBaseURL(String expected, String... headers) {
     assertBaseURL(expected, null, headers);
   }
 
+  private void assertGetHost(String header, @SuppressWarnings("SameParameterValue") String expected) {
+    HTTPRequest request = new HTTPRequest();
+    request.setHeader(Headers.XForwardedHost, header);
+    assertEquals(request.getHost(), expected);
+  }
+
+  private void assertGetIPAddress(String header, @SuppressWarnings("SameParameterValue") String expected) {
+    HTTPRequest request = new HTTPRequest();
+    request.setHeader(Headers.XForwardedFor, header);
+    assertEquals(request.getIPAddress(), expected);
+  }
+
   private void assertURLs(String scheme, String source, String host, int port, String baseURL) {
     HTTPRequest request = new HTTPRequest();
     request.setScheme(scheme);