NXRM has upgraded Eclipse Jetty from 9.4.18.v20190429 to 9.4.30.v20200611 between NXRM version 3.25.1 to 3.26.0. (
NEXUS-24327 ). The newer version of Jetty has included changes ( attempts to fix reported bugs against Jetty ) to how X-Forwarded headers are being handled.
Some customers are reporting that previously working X-Forwarded-* header combinations now no longer work. The built in protection of valid Host headers NXRM performs may fail inbound requests with a 400 status code response:
For example this request:
Will fail with this in nexus.log:
An upstream bug has been filed:
If possible, remove the X-Forwarded-Port header from the inbound requests - or the port value from the X-Forwarded-Host value - both of these options seem to allow correct interpretation of implicit server name.